InfoQ

Microsoft Agent Framework RC Simplifies Agentic Development in .NET and Python

Microsoft has announced that the Microsoft Agent Framework has reached Release Candidate status for both .NET and Python. This milestone indicates that the API surface is stable and feature-complete ...

Open source registries don't have enough money to implement basic security

Trusted registries are widely treated as a key component of Software Bill of Materials (SBOM) - driven supply chain security ...
The Hacker News

Legacy Python Bootstrap Scripts Create Domain-Takeover Risk in Multiple PyPI Packages

Cybersecurity researchers have discovered vulnerable code in legacy Python packages that could potentially pave the way for a supply chain compromise on the Python Package Index (PyPI) via a domain ...
Bleeping Computer

Hackers target Python devs in phishing attacks using fake PyPI site

The Python Software Foundation warned users this week that threat actors are trying to steal their credentials in phishing attacks using a fake Python Package Index (PyPI) website. PyPI is a ...
Infosecurity-magazine.com

New Malware on PyPI Poses Threat to Open-Source Developers

A newly uncovered malicious package on the Python Package Index (PyPI) has raised fresh concerns about the security of open source software repositories. The package, named “dbgpkg,” was discovered by ...
Developer Tech

Chainguard rebuilds Python libraries to slam the door on malware

Chainguard Libraries for Python isn’t just another repository; it’s an index of Python dependencies engineered to be resistant to malware. The secret sauce? Building every single one securely from its ...
GitHub

Question: installation from PyPi in Python 2.7 environment

I have been trying to get cppyy set up in a Python 2.7 / Linux environment. To preface this, I recognize that Python 2 is no longer maintained; however I'm working with it due to constraints outside ...
The Hacker News

PyPI Python Library "aiocpa" Found Exfiltrating Crypto Keys via Telegram Bot

The administrators of the Python Package Index (PyPI) repository have quarantined the package "aiocpa" following a new update that included malicious code to exfiltrate private keys via Telegram. By ...
InfoWorld

Creating a pip install-able Python package

It's not hard to write a Python package that can be installed into an interpreter or virtual environment with pip. This video shows a simple example of how to lay out a project's source code and set ...
CoinTelegraph

Crypto-stealing malware discovered in Python Package Index — Checkmarx

According to cybersecurity firm Hacken, financial losses from crypto hacks topped $440 million in the third quarter of 2024. Researchers at the Checkmarx cybersecurity firm sounded the alarm on a ...
SecurityWeek

Cryptocurrency Wallets Targeted via Python Packages Uploaded to PyPI

Users of popular cryptocurrency wallets have been targeted in a supply chain attack involving Python packages relying on malicious dependencies to steal sensitive information, Checkmarx warns. As part ...