The Python Package Index (PyPI), run by the Python Software Foundation, has officially invalidated all the publishing tokens that were stolen in the GhostAction supply chain attack that happened ...

Google's security experts have open-sourced another automated fuzzing utility in the hopes that developers will use it to find security bugs and patch vulnerabilities before they are exploited. Named ...

CastleRAT and CastleLoader, active since March 2025, spread malware via phishing and GitHub repos, enabling data theft.

Several harmful Python .whl files containing a new type of malware called “Kekw” have been discovered on PyPI (Python Package Index). According to new data by Cyble Research and Intelligence Labs ...

PyPI module 'ctx' that gets downloaded over 20,000 times a week has been compromised in a software supply chain attack with malicious versions stealing the developer's environment variables. The ...

The Python Software Foundation (PSF) has rushed out Python 3.9.2 and 3.8.8 to address two notable security flaws, including one that is remotely exploitable but in practical terms can only be used to ...

The latest update to Microsoft’s code editor previews an automatic model selection capability and improvements to agent ...

Mypy, Pytype, Pyright, and Pyre can help you keep your type-hinted Python code bug-free. Let’s see what each of these useful tools has to offer. In the beginning, Python had no type decorations. That ...

In a move that’s set to introduce a fresh level of security for the world’s favorite programming language, the Python Package Index (PyPI), the official repository of third party open-source Python ...