PyPI

(3 articles)

May 25, 2026

TrapDoor Supply Chain Attack Hits npm, PyPI, CratesIO

TrapDoor malware spreads credential-stealing payloads across npm, PyPI, and CratesIO. Learn how the supply chain attack works and how to protect your projects.

May 4, 2026

PyTorch Lightning PyPI Package Drops Credential Stealer

PyTorch Lightning v2.6.3 on PyPI contained a hidden credential stealer targeting browsers, .env files, and cloud APIs. Here's what developers need to know.

April 8, 2026

N. Korean Hackers Drop 1,700 Malicious Packages

North Korean hackers spread 1,700 malicious packages across npm, PyPI, Go, and Rust registries. Here's what developers need to check right now.