Infosecurity Magazine

TeamPCP Targets Telnyx Package in Latest PyPI Software Supply Chain Attack

Socket and Endor Labs discovered a new TeamPCP campaign leading to the delivery of credential-stealing malware ...
Cybernews

Critical Python supply chain compromise: how library used by millions of AI developers got infected with malware

LiteLLM, a massively popular Python library, was compromised via a supply chain attack, resulting in the delivery of ...
TWCN Tech News

How to uninstall Python PIP package and dependencies

Do you want to uninstall the Python PIP package you installed sometime back but don’t know how? Sometimes, you may want to remove a package and its dependencies, because you no longer need it or ...
XDA Developers on MSN

A popular Python library just became a backdoor to your entire machine

Supply chain attacks feel like they're becoming more and more common.

Popular LiteLLM PyPI package backdoored to steal credentials, auth tokens

The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular "LiteLLM" Python package ...
InfoWorld

Virtualenv and venv: Python virtual environments explained

Of all the reasons Python is a hit with developers, one of the biggest is its broad and ever-expanding selection of third-party packages. Convenient toolkits for everything from ingesting and ...
Ars Technica

Devs unknowingly use “malicious” modules snuck into official Python repository

The official repository for the widely used Python programming language has been tainted with modified code packages, a computer security authority in Slovakia warned. The authority also said the ...
InfoWorld

How to use uv: A superfast Python package installer

All-in-one Python project management tool written in Rust aims to replace pip, venv, and more. Here's a first look. A few behaviors aren’t supported yet, but these should not interfere with your ...