Bleeping Computer

PyPI temporarily pauses new users, projects amid high volume of malware

PyPI, the official third-party registry of open source Python packages has temporarily suspended new users from signing up, and new projects from being uploaded to the platform until further notice.
Ars Technica

Malware downloaded from PyPI 41,000 times was surprisingly stealthy

PyPI—the open source repository that both large and small organizations use to download code libraries—was hosting 11 malicious packages that were downloaded more than 41,000 times in one of the ...
Bleeping Computer

Spammers flood PyPI with pirated movie links and bogus packages

The official Python software package repository, PyPI, is getting flooded with spam packages, as seen by BleepingComputer. These packages are named after different movies in a style that is commonly ...