Cybernews

Critical Python supply chain compromise: how library used by millions of AI developers got infected with malware

LiteLLM, a massively popular Python library, was compromised via a supply chain attack, resulting in the delivery of ...
ZDNet

Developers, watch your code: Official Python repository spread malicious projects

PyPI is the official Python Package Index that currently contains 500,972 projects, 5,228,535 million releases, 9,950,103 million files, and 770,841 users. PyPI helps users locate and install software ...
InfoWorld

3 takeaways from the Ultralytics AI Python library hack

When attackers compromised Ultralytics YOLO, a popular real-time object detection machine-learning package for Python, most assumed the Python Package Index, or PyPI, must be the point of failure.
Bleeping Computer

Fake password manager coding test used to hack Python developers

Members of the North Korean hacker group Lazarus posing as recruiters are baiting Python developers with coding test project for password management products that include malware. The attacks are part ...
InfoWorld

The Python AI library hack that didn’t hack Python

There are some critical takeaways from the Ultralytics AI Python library hack, but they're not the ones you might expect. Also, 10 tips for making Python faster and a look at uv—the all-in-one Python ...