:class: note This page was migrated from the old MoinMoin-based wiki. Information may be outdated or no longer applicable. For current documentation, see [python.org ...

Cybersecurity researchers have discovered three packages on the Python Package Index (PyPI) repository that are designed to stealthily deliver a previously unknown malware family called ZiChatBot on ...

PyPI JSON API. Look up Python package metadata, versions, release files, and vulnerability data. Browse recent updates and newest packages via RSS feeds. No authentication required — all endpoints are ...

Sometime around the last week of May 2026, attackers uploaded poisoned packages to three of the most widely used software ...

Socket found seven malicious packages on PyPI The packages were abusing Gmail and WebSocket They were removed from the platform Several malicious PyPI packages were recently observed abusing Gmail to ...

The post Mini Shai-Hulud: Frequently asked questions about the TeamPCP npm and PyPI supply chain campaign appeared first on Tenable Blog. A self-propagating worm has compromised more than 170 npm and ...

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a vulnerability in the developers’ account workflow that gave access to its signing keys ...

TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious versions anyway. The CI/CD Trust-Chain Audit Grid maps the six gaps it ...

A GitHub employee installed a routine VS Code extension update, handed cybercrime group TeamPCP enough access to exfiltrate ...

The four C&C channels used by GlassWorm, the botnet targeting open source software developers, have been disrupted.

HermesAgent是NousResearch打造的新一代自进化开源AI智能体框架，直击传统AIAgent部署门槛高、依赖繁杂的行业痛点——全程仅需数行命令即可完成部署，最低仅需256MB内存就能稳定运行。它彻底打破了普通聊天AI“只说不 ...

CrowdStrike, in collaboration with Google and the Shadowserver Foundation, has dismantled an international botnet that ...