Socket and Endor Labs discovered a new TeamPCP campaign leading to the delivery of credential-stealing malware ...

On the morning of March 24, 2026, tens of thousands of software developers working on AI applications were unknowingly exposed to malware.

An attack on the open-source library for connecting to LLMs has apparently occurred, allowing two compromised packages to ...

Abstract: The ICSE 2021 paper titled “PyCG: Practical Call Graph Generation in Python” comes with a replication package with the purpose of providing open access to (1) our prototype call graph ...

Python 3.14 was the star of the show in 2025, bringing official support for free-threaded builds, a new all-in-one installation manager for Windows, and subtler perks like the new template strings ...

Microsoft has added official Python support to Aspire 13, expanding the platform beyond .NET and JavaScript for building and running distributed apps. Documented today in a Microsoft DevBlogs post, ...

Cybersecurity researchers have discovered vulnerable code in legacy Python packages that could potentially pave the way for a supply chain compromise on the Python Package Index (PyPI) via a domain ...

Department of Materials, Manchester Institute of Biotechnology, School of Natural Sciences, Faculty of Science and Engineering, The University of Manchester, Oxford Road, Manchester M13 9PL, United ...

The Python Software Foundation has warned victims of a new wave of phishing attacks using a fake Python Package Index (PyPI) website to reset credentials. Accessible at pypi.org, PyPI is the default ...

Cybersecurity researchers have discovered two new malicious packages in the Python Package Index (PyPI) repository that are designed to deliver a remote access trojan called SilentSync on Windows ...

Usage: uv-packsize [OPTIONS] [PACKAGE_NAMES]... Report the size of a Python package and its dependencies using uv. Options: --version Show the version and exit. --bin Include the size of binaries in ...