dYdX has been targeted by bad actors using malicious packages to empty its user wallets.

Open source packages published on the npm and PyPI repositories were laced with code that stole wallet credentials from dYdX ...

Compromised dYdX npm and PyPI packages delivered wallet-stealing malware and a RAT via poisoned updates in a software supply chain attack.

CrashFix crashes browsers to coerce users into executing commands that deploy a Python RAT, abusing finger.exe and portable Python to evade detection and persist on high‑value systems.

Two fake spellchecker packages on PyPI hid a Python RAT in dictionary files, activating malware on import in version 1.2.0.

In forecasting economic time series, statistical models often need to be complemented with a process to impose various constraints in a smooth manner. Systematically imposing constraints and retaining ...

I noticed some time ago that the releases of datafusion-python and the core/rust project are no longer in sync. Pypi version is at v48.0.0, while Rust/crates version is at v49.0.1. Is this a planned ...

Cybersecurity researchers have found harmful software in the official Python Package Index (PyPI) and npm package repositories, putting software supply chains at risk. The packages, called termncolor ...

TIOBE Programming Index News August 2025: AI Copilots Are Boosting Python’s Popularity Your email has been sent Generative AI can be a self-fulfilling prophecy: Because gen AI scans vast amounts of ...

A newly uncovered malicious package on the Python Package Index (PyPI) has raised fresh concerns about the security of open source software repositories. The package, named “dbgpkg,” was discovered by ...

Chainguard Libraries for Python isn’t just another repository; it’s an index of Python dependencies engineered to be resistant to malware. The secret sauce? Building every single one securely from its ...