The Hacker News

SilentSync RAT Delivered via Two Malicious PyPI Packages Targeting Python Developers

Zscaler reveals SilentSync remote access trojan hidden in two malicious PyPI Python packages, risking browser data theft and multi-OS compromise.
SecurityWeek

PyPI Warns Users of Fresh Phishing Campaign

PyPI, the default platform for Python's package management tools, is warning users of a fresh phishing campaign.

PyPI invalidates tokens stolen in GhostAction supply chain attack

The Python Software Foundation team has invalidated all PyPI tokens stolen in the GhostAction supply chain attack in early September, confirming that the threat actors didn't abuse them to publish ...
Electronics Weekly

Simplified PicoScope control by Python

Pico Technology has released a Python package designed to simplify the use of its PicoScope 6000E and 3000E Series USB oscilloscopes. Called pyPicoSDK and built on its the existing PicoSDK, the ...
How-To Geek on MSN

Python Package Index Responds to Malware Attack by Invalidating Tokens

The Python Package Index (PyPI), run by the Python Software Foundation, has officially invalidated all the publishing tokens that were stolen in the GhostAction supply chain attack that happened ...
Linux Journal

Python 3.13.5 Patch Release Packed with Fixes & Stability Boosts

Python 3.13.5 lands as a timely, focused maintenance release. It patches critical regression bugs from 3.13.4, carries essential security updates, and preserves the enhancements introduced across ...
InfoWorld

Open source registries signal shift toward paid models as AI strains infrastructure

The foundations said in their blog post that automated CI systems, large-scale dependency scanners, and ephemeral container builds operated by companies place “enormous strain on infrastructure” while ...