Bleeping Computer

Open source 'Package Analysis' tool finds malicious npm, PyPI packages

The Open Source Security Foundation (OpenSSF), a Linux Foundation-backed initiative has released its first prototype version of the 'Package Analysis' tool that aims to catch and counter malicious ...

Anthropic Backs Python Security With $1.5 Million PSF Partnership

Anthropic committed $1.5 million to the Python Software Foundation to strengthen PyPI and CPython security, targeting ...
CSOonline

Attackers use Python compiled bytecode to evade detection

Newly discovered campaign takes advantage of the fact that most vulnerability scanning tools don't read compiled open-source software. Attackers who are targeting open-source package repositories like ...