大家好，这里是程序员晚枫。2025年4月，Python官方发布了PEP 784最终提案，宣布将Zstandard（简称Zstd）压缩库正式纳入标准库，配套推出compression统一命名空间。国庆期间，带有此标准库的Python3.14也正式发布了 ...

If you recently got an email asking you to verify your credentials to a PyPI site, better change that password ...

PyPI, the default platform for Python's package management tools, is warning users of a fresh phishing campaign.

Multiple malicious Python packages available on the PyPI repository were caught stealing sensitive information like AWS credentials and transmitting it to publicly exposed endpoints accessible by ...

A security firm found three malicious Python libraries uploaded on the official Python Package Index (PyPI) that contained a hidden backdoor which would activate when the libraries were installed on ...

“If you have already clicked on the link and provided your credentials, we recommend changing your password on PyPI ...

Two malicious versions of two Python packages were introduced in the Python Package Index (PyPI) with the purpose of stealing SSH and GPG keys from Python developers' projects. One of them, using ...

Python Package Index (PyPI), the official third-party open-source repository for Python projects, said it will enforce a mandatory two-factor authentication (2FA) policy for projects categorized as ...

A new malicious campaign has been found on the Python Package Index (PyPI) open-source repository involving 24 malicious packages that closely imitate three popular open-source tools: vConnector, ...