Dark Reading

School Kid Uploads Ransomware Scripts to PyPI Repository as 'Fun' Project

An apparently school-age hacker based in Verona, Italy, has become the latest to demonstrate why developers need to pay close attention to what they download from public code repositories these days.
Bleeping Computer

StackExchange abused to spread malicious PyPi packages as answers

Threat actors uploaded malicious Python packages to the PyPI repository and promoted them through the StackExchange online question and answer platform. The info-stealing malware can also exfiltrate ...
Ars Technica

Devs unknowingly use “malicious” modules snuck into official Python repository

The official repository for the widely used Python programming language has been tainted with modified code packages, a computer security authority in Slovakia warned. The authority also said the ...