Python 软件包索引（Python Package Index, PyPI）发出警告，指出针对 Python 开发者的网络钓鱼攻击将持续存在，攻击者利用虚假域名和紧急邮件策略诱骗用户。受害者被诱导通过拼写错误的域名（如 pypi-mirror.org）验证账户。PyPI 敦促用户和维护者采用防网络钓鱼的双因素认证（2FA）和具备域名识别功能的密码管理器，以应对日益严峻的安全威胁。

Malicious PyPI package soopsocks downloaded 2,653 times before takedown, exfiltrating Windows data to Discord.

If you recently got an email asking you to verify your credentials to a PyPI site, better change that password ...

A software security engineer has identified 12 Python libraries uploaded on the official Python Package Index (PyPI) that contained malicious code. The 12 packages have been discovered in two separate ...

PyPI, the default platform for Python's package management tools, is warning users of a fresh phishing campaign.

According to cybersecurity firm Hacken, financial losses from crypto hacks topped $440 million in the third quarter of 2024. Researchers at the Checkmarx cybersecurity firm sounded the alarm on a ...

The Python Software Foundation warned users this week that threat actors are trying to steal their credentials in phishing attacks using a fake Python Package Index (PyPI) website. PyPI is a ...

Python rises above C and Java to take the top position in the index of programming language popularity for the first time. Python this month has taken the top spot in the Tiobe index of programming ...