News

AI-powered Villager tool reached 11,000 PyPI downloads since July 2025, enabling scalable cyberattacks and complicating ...
Hackers planted malicious code in open source software packages with more than 2 billion weekly updates in what is likely to ...
The Python Package Index (PyPI) is putting a stop to so-called “domain resurrection attacks” that have been observed in the wild before to launch cyberattacks. Domain resurrection is a supply chain ...
On September 5, 2025, GitGuardian discovered GhostAction, a massive supply chain attack affecting 327 GitHub users across 817 ...
The developers built malware before and participated in competitions used as recruiting platforms for Chinese state hackers.
In a report published today and shared with The Register, the AI security company's Regalado and fellow researcher Amanda ...
Simple-looking code tapped Ethereum’s blockchain to fetch hidden URLs that directed compromised systems to download ...
pip install git+https://github.com/seismic-anisotropy/PyDRex#egg=pydrex However, note that pip does not know how to uninstall dependencies of packages. Versioned ...
Earlier this week, the Npm package manager suffered what may be its worst security incident to date. Unknown cybercriminals ...
The feature, awkwardly named "Upgraded file-creation and analysis," is basically Anthropic's version of ChatGPT's Code ...
Researchers have developed a new tool to more precisely guide cancer treatment. Described in a paper published in Nature ...