Malicious telnyx 4.87.1/4.87.2 on PyPI used audio steganography March 27, 2026, enabling cross-platform credential theft.

Socket and Endor Labs discovered a new TeamPCP campaign leading to the delivery of credential-stealing malware ...

On the morning of March 24, 2026, tens of thousands of software developers working on AI applications were unknowingly exposed to malware.

An attack on the open-source library for connecting to LLMs has apparently occurred, allowing two compromised packages to ...

CanisterWorm infects 28 npm packages via ICP-based C2, enabling self-propagation and persistent backdoor access across ...

A malicious Python package masquerading as a legitimate Telegram development tool has been identified as a vehicle for remote code execution attacks, raising concerns about supply chain security ...

Abstract: The ICSE 2021 paper titled “PyCG: Practical Call Graph Generation in Python” comes with a replication package with the purpose of providing open access to (1) our prototype call graph ...

PyApp seems to be taking the Python world by storm, providing long-awaited click-and-run Python distribution. For developers who need a little more versatility, there’s uv. Find these tools and more ...

Cybersecurity researchers have found harmful software in the official Python Package Index (PyPI) and npm package repositories, putting software supply chains at risk. The packages, called termncolor ...

A whitepaper from the Python Software Foundation’s (PSF) own Security Developer-in-Residence, Seth Larson, sounds the alarm on “phantom dependencies” and offers a solution with the PEP 770 proposal ...

TIOBE Programming Index News August 2025: AI Copilots Are Boosting Python’s Popularity Your email has been sent Generative AI can be a self-fulfilling prophecy: Because gen AI scans vast amounts of ...