Dark Reading

One-Third of Popular PyPI Packages Mistakenly Flagged as Malicious

The scanners tasked with weeding out malicious contributions to packages distributed via the popular open source code repository Python Package Index (PyPI) create a significant number of false alerts ...
Bleeping Computer

Popular Python and PHP libraries hijacked to steal AWS keys

PyPI module 'ctx' that gets downloaded over 20,000 times a week has been compromised in a software supply chain attack with malicious versions stealing the developer's environment variables. The ...
Hosted on MSN

Not pretty, not Windows-only: npm phishing attack laces popular packages with malware

The popular npm package "is" was infected with cross-platform malware, around the same time that linting utility packages used with the prettier code formatter were infected with Windows-only malware.
InfoWorld

PyScript brings Python into the browser, more easily than ever

A new project from Anaconda delivers the Python runtime in a web page, via a single JS include, and with access to many popular Python packages. Anaconda, makers of the Python distribution for ...
Hosted on MSN

Popular NPM packages with over a million downloads hit by malware

17 NPM packages with more than a million weekly downloads were compromised to deliver a RAT The attack could turn into a major supply chain attack, experts warned The packages were since deprecated, ...