Researchers have revealed that bad actors are targeting dYdX and using malicious packages to empty its user wallets.

Compromised dYdX npm and PyPI packages delivered wallet-stealing malware and a RAT via poisoned updates in a software supply chain attack.

Open source malware surged 73% in 2025, with npm as a key target with rising risks in software supply chains and developer environments.

A report from ReversingLabs reveals a massive 73% increase in malicious open-source packages in 2025, with over 10,000 ...

Stranger Things concept of the “Upside Down” is a useful way to think about the risks lurking in the software we all rely on.

Two fake spellchecker packages on PyPI hid a Python RAT in dictionary files, activating malware on import in version 1.2.0.

The Python Software Foundation has warned victims of a new wave of phishing attacks using a fake Python Package Index (PyPI) website to reset credentials. Accessible at pypi.org, PyPI is the default ...

I noticed some time ago that the releases of datafusion-python and the core/rust project are no longer in sync. Pypi version is at v48.0.0, while Rust/crates version is at v49.0.1. Is this a planned ...

Cybersecurity researchers have found harmful software in the official Python Package Index (PyPI) and npm package repositories, putting software supply chains at risk. The packages, called termncolor ...

A malicious Python package targeting Discord developers with remote access trojan (RAT) malware was spotted on the Python Package Index (PyPI) after more than three ...