Two different attackers poisoned popular open source tools - and showed us the future of supply chain compromise

Although executed by different attackers – Axios by North Korean-linked goons, and Trivy et al. by a loosely knit band of ...
The Hacker News

TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Files

Malicious telnyx 4.87.1/4.87.2 on PyPI used audio steganography March 27, 2026, enabling cross-platform credential theft.
Infosecurity Magazine

TeamPCP Targets Telnyx Package in Latest PyPI Software Supply Chain Attack

Socket and Endor Labs discovered a new TeamPCP campaign leading to the delivery of credential-stealing malware ...
cybernews

Critical Python supply chain compromise: how library used by millions of AI developers got infected with malware

LiteLLM, a massively popular Python library used by AI developers, was compromised to deliver a mass credential harvesting malware, sending shockwaves across the industry. The “software horror” spread ...
Visual Studio Magazine

Aspire 13 Makes Python a First-Class Workload with .NET and JavaScript

Microsoft has added official Python support to Aspire 13, expanding the platform beyond .NET and JavaScript for building and running distributed apps. Documented today in a Microsoft DevBlogs post, ...
The Hacker News

Legacy Python Bootstrap Scripts Create Domain-Takeover Risk in Multiple PyPI Packages

Cybersecurity researchers have discovered vulnerable code in legacy Python packages that could potentially pave the way for a supply chain compromise on the Python Package Index (PyPI) via a domain ...
Popular Science

Cat-sized Jurassic reptile had the jaws of a python

🛍️ Amazon Big Spring Sale: 100+ editor-approved deals worth buying right now 🛍️ By Andrew Paul Published Oct 1, 2025 11:00 AM EDT Add Popular Science (opens in a new tab) Adding us as a Preferred ...
International Monetary Fund

A Python Package to Assist Macroframework Forecasting: Concepts and Examples

In forecasting economic time series, statistical models often need to be complemented with a process to impose various constraints in a smooth manner. Systematically imposing constraints and retaining ...
Bleeping Computer

PyPI now blocks domain resurrection attacks used for hijacking accounts

The Python Package Index (PyPI) has introduced new protections against domain resurrection attacks that enable hijacking accounts through password resets. PyPI is the official repository for ...
bitnewsbot

Malicious PyPI Packages Uncovered: Supply Chain Risk for Python

Cybersecurity researchers have found harmful software in the official Python Package Index (PyPI) and npm package repositories, putting software supply chains at risk. The packages, called termncolor ...
TechRepublic

TIOBE Programming Index News August 2025: AI Copilots Are Boosting Python’s Popularity

TIOBE Programming Index News August 2025: AI Copilots Are Boosting Python’s Popularity Your email has been sent Generative AI can be a self-fulfilling prophecy: Because gen AI scans vast amounts of ...
GitHub

Experimental Wheels for Python for Windows on ARM64

This repository provides experimental binary wheels for open-source extension packages for Python for Windows on ARM64. The files are experimental (meaning: unofficial, informal, unrecognized, ...