Skip to content
The Nexus
DossierENTITY

Python Package Index

Coverage of Python Package Index in the Nexus archive.

Earliest in view: Apr 27 · 15:17 UTCMost recent: May 7 · 09:20 UTC
Co-mentioned in this coverage
Recent coverage
  • SECURITYMay 7 · 09:20 UTCTHE HACKER NEWS
    PyPI Packages Deliver ZiChatBot Malware via Zulip APIs on Windows and Linux

    Cybersecurity researchers discovered three packages on the Python Package Index repository that deliver ZiChatBot malware on Windows and Linux systems. The packages implement described features but covertly deliver malicious files. Kaspersky reported the findings.

  • SECURITYMay 4 · 17:15 UTCBLEEPING COMPUTER
    Backdoored PyTorch Lightning package drops credential stealer

    A malicious version of the PyTorch Lightning package was published on the Python Package Index, delivering a credential-stealing payload targeting browsers and cloud services. The package is designed to steal sensitive information from users. This incident highlights the importance of verifying software packages before installation.

  • SECURITYApr 27 · 21:04 UTCARS TECHNICA
    Open source package with 1 million monthly downloads stole user credentials

    An open-source package with over 1 million monthly downloads, element-data, was compromised when attackers exploited a vulnerability in the developers’ account workflow to steal signing keys and sensitive data. The malicious version 0.23.3, pushed to Python Package Index and Docker accounts, scoured systems for credentials before being removed 12 hours later.

  • SECURITYApr 27 · 15:17 UTCBLEEPING COMPUTER
    PyPI package with 1.1M monthly downloads hacked to push infostealer

    A malicious version of the 'elementary-data' Python package on PyPI was pushed by an attacker to steal sensitive developer data and cryptocurrency wallets. The package, with 1.1 million monthly downloads, was compromised to distribute an infostealer.

Python Package Index · Dossier · The Nexus