WeLiveSecurity

A pernicious potpourri of Python packages in PyPI

PyPI is popular among Python programmers for sharing and downloading code. Since anyone can contribute to the repository, malware – sometimes posing as legitimate, popular code libraries – can appear ...
InfoWorld

7 newer data science tools you should be using with Python

Already using NumPy, Pandas, and Scikit-learn? Here are seven more powerful data wrangling tools that deserve a place in your ...
Ars Technica

PyPI halted new users and projects while it fended off supply-chain attack

PyPI, a vital repository for open source developers, temporarily halted new project creation and new user registration following an onslaught of package uploads that executed malicious code on any ...
Bleeping Computer

Hackers poison source code from largest Discord bot platform

The Top.gg Discord bot community with over 170,000 members has been impacted by a supply-chain attack aiming to infect developers with malware that steals sensitive information. The threat actor has ...
InfoWorld

Pyrefly and Ty: Two new Rust-powered Python type-checking tools compared

What is most striking about Python’s latest wave of third-party tooling is that they aren’t written in Python. Instead, many of the newer tools for project management, code formatting, and now type ...
Hosted on MSN

Curl project, swamped with AI slop, finds not all AI is bad

Over the past two years, the open source curl project has been flooded with ... have been a problem not just for curl, but also for the Python community, Open Collective, and the Mesa Project. It ...
Network World

OpenStack Flamingo pays down technical debt as adoption continues to climb

Security improvements and confidential computing enhancements are also part of OpenStack 2025.2, known as Flamingo.