Cybersecurity researchers have discovered that the North Korea-linked Lazarus Group has planted a new batch of malicious packages in the npm and Python Package Index (PyPI) repositories, tied to a fake-recruitment-themed campaign. The coordinated campaign has been named graphalgo, after the first package published to the npm registry, and is assessed to have been active since May 2025. ReversingLabs researcher Karlo Zanki said in a report: "The attackers, via Linked ...
Abstract: Software repositories such as PyPI and npm are vital for software development but expose users to serious security risks from malicious packages. The malicious packages often execute their ...
dYdX has been targeted by bad actors using malicious packages to empty its user wallets.
Open source packages published on the npm and PyPI repositories were laced with code that stole wallet credentials from dYdX developers and backend systems and, in some cases, backdoored devices, ...
Open source malware surged 73% in 2025, with npm a key target, raising the risk to software supply chains and developer environments.
Cybersecurity researchers have discovered vulnerable code in legacy Python packages that could potentially pave the way for a supply chain compromise on the Python Package Index (PyPI) via a domain ...
The Python Software Foundation warned users this week that threat actors are trying to steal their credentials in phishing attacks using a fake Python Package Index (PyPI) website. PyPI is a ...
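The phishing warning above turns on one check a developer can make before typing credentials: does the link really point at pypi.org? The following is an added example, not code from the PSF or from the article, that classifies a link as official, official-but-plain-HTTP, look-alike, or unrelated. The set of official hosts (pypi.org and subdomains such as test.pypi.org, plus files.pythonhosted.org) is an assumption of the example, and every sample URL below is constructed for the demonstration, not taken from any real campaign.

```python
from urllib.parse import urlsplit

# Hosts that legitimately serve the Python Package Index. This list is an
# assumption for the example: pypi.org (and subdomains such as test.pypi.org)
# plus files.pythonhosted.org, which serves the package files themselves.
OFFICIAL_PYPI_HOSTS = ("pypi.org", "files.pythonhosted.org")


def _edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def _hostname(url: str) -> str:
    """Lower-cased hostname with punycode decoded so look-alikes are comparable."""
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    try:
        host = host.encode("ascii").decode("idna")   # xn--... -> Unicode form
    except UnicodeError:
        pass                                         # already Unicode, keep as is
    return host


def _is_official_host(host: str) -> bool:
    return any(host == h or host.endswith("." + h) for h in OFFICIAL_PYPI_HOSTS)


def classify_pypi_url(url: str) -> str:
    """Classify a link that claims to be PyPI.

    Returns one of:
      "official"          - HTTPS to pypi.org / files.pythonhosted.org (or a subdomain)
      "official-no-https" - the real host, but over plain HTTP (downgrade risk)
      "lookalike"         - host or userinfo imitates pypi: typosquat, homoglyph,
                            pypi.org as a subdomain of another domain, user@host trick
      "other"             - unrelated host
    """
    parts = urlsplit(url)
    host = _hostname(url)
    if _is_official_host(host) and parts.username is None:
        return "official" if parts.scheme == "https" else "official-no-https"
    # https://pypi.org@evil.example/ puts "pypi.org" in the userinfo, not the host.
    if parts.username and "pypi" in parts.username.lower():
        return "lookalike"
    for label in host.split("."):
        if "pypi" in label or _edit_distance(label, "pypi") <= 1:
            return "lookalike"
    return "other"


def is_official_pypi_url(url: str) -> bool:
    """True only for an HTTPS link to an official PyPI host."""
    return classify_pypi_url(url) == "official"


if __name__ == "__main__":
    # Constructed sample links for the demonstration (not from any real campaign).
    samples = [
        "https://pypi.org/project/requests/",
        "https://test.pypi.org/account/login/",
        "http://pypi.org/account/login/",
        "https://pypi.org.example.net/account/login/",
        "https://pypj.org/account/login/",
        "https://pypí.org/account/login/",
        "https://pypi.org@example.net/account/login/",
        "https://example.net/",
    ]
    for url in samples:
        print(f"{classify_pypi_url(url):18} {url}")
```

The "lookalike" label is deliberately broad: a private mirror such as pypi.internal.example would also trip it, which is the right default for a link that arrived by e-mail. The safest habit remains not following the link at all and navigating to pypi.org directly.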
If installed via pip, the application runs on native Python. Requires Python 3.8 or later. Note that upstream projects are dropping build ...
A newly uncovered malicious package on the Python Package Index (PyPI) has raised fresh concerns about the security of open source software repositories. The package, named “dbgpkg,” was discovered by ...
Python libraries are pre-written collections of code designed to simplify programming by providing ready-made functions for specific tasks. They eliminate the need to write repetitive code and cover ...
Installing Python and related applications on a system without a network connection isn’t easy, but you can do it. Here’s how. The vast majority of modern software development revolves around one big ...