Bleeping Computer

PyPI suspends new user registration to block malware campaign

The Python Package Index (PyPI) has temporarily suspended user registration and the creation of new projects to deal with an ongoing malware campaign. PyPI is an index for Python projects that helps ...
Dark Reading

PyPI's 2FA Requirements Don't Go Far Enough, Researchers Say

The official open source code repository for the Python programming language, the Python Package Index (PyPI), will require all user accounts to enable two-factor ...
Ars Technica

Actors behind PyPI supply chain attack have been active since late 2021

Awesome. Just when I was making headway on getting my organization to consider using the powerful open source data science and analysis tools in the Python ecosystem... This is why we can't have nice ...
Infosecurity-magazine.com

PyPI Revival Hijack Puts Thousands of Applications at Risk

A new software supply chain attack is being exploited in the wild, according to security researchers. The technique targets Python applications distributed via the Python Package Index, or PyPI.
Bleeping Computer

PyPI announces mandatory use of 2FA for all software publishers

The Python Package Index (PyPI) has announced that it will require every account that manages a project on the platform to have two-factor authentication (2FA) turned on by the end of the year. PyPI ...
Dark Reading

PyPI Shuts Down Over the Weekend, Says Incident Was Overblown

Following a temporary suspension of all new users and package uploads, the Python Package Index (PyPI) repository is back up and running. Many noted that the culprit was the flooding of the site with ...