The Hacker News

PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials

Malicious Lightning 2.6.2/2.6.3 released April 30 enable credential theft via hidden payload, leading to PyPI quarantine and ...
InfoWorld

Python isn’t always easy

How to overcome a few of the harder stasks in Python, such as creating stand-alone Python apps, backing up SQLite databases, ...
腾讯网

AI模型部署工具Xinference遭供应链投毒攻击

监测发现,近期AI模型部署工具Xinference遭供应链投毒攻击。攻击者向Python官方软件包仓库PyPI(Python Package Index)上传了包含恶意代码的Xinference软件包,用户安装受影响的软件包或者在代码文件中引入Xinference时,恶意代码将自动执行。攻击者可窃取云平台凭据、API密钥、数据库密码、加密货币钱包和 环境变量 ...
Ars Technica

Latest attack on PyPI users shows crooks are only getting better

More than 400 malicious packages were recently uploaded to PyPI (Python Package Index), the official code repository for the Python programming language, in the latest indication that the targeting of ...