On the morning of March 24, 2026, tens of thousands of software developers working on AI applications were unknowingly exposed to malware.

Supply chain attacks feel like they're becoming more and more common.

GlassWorm campaign injects malware into GitHub Python repos using stolen tokens since March 8, 2026, exposing developers to ...

Threat actors are publishing clean extensions that later update to depend on hidden payload packages, bypassing marketplace ...

Thinking about getting started with data science or maybe just want a better way to handle your Python projects? Anaconda Python is a super popular choice, and for good reason. It bundles a lot of ...

A new campaign exploiting machine learning (ML) models via the Python Package Index (PyPI) has been observed by cybersecurity researchers. ReversingLabs said threat actors are using the Pickle file ...

The tendency of code-generating large language models (LLMs) to produce completely fictitious package names in response to certain prompts is significantly more widespread than commonly recognized, a ...

A new class of supply chain attacks named 'slopsquatting' has emerged from the increased use of generative AI tools for coding and the model's tendency to "hallucinate" non-existent package names. The ...

The Environmental Source Apportionment Toolkit (ESAT) is an open-source software package that provides API and CLI functionality to create source apportionment workflows specifically targeting ...

It's not hard to write a Python package that can be installed into an interpreter or virtual environment with pip. This video shows a simple example of how to lay out a project's source code and set ...

User 1 has model A, with a specific set of python dependencies (ex Tensorflow = 1.8.0) and its already registered in Multi Model server. Now User 2 wants to register model B, which again uses ...