The Hacker News

PyPI Packages Deliver ZiChatBot Malware via Zulip APIs on Windows and Linux

ZiChatBot malware spread via 3 PyPI packages in July 2025 uses Zulip APIs as C2, enabling stealthy attacks across systems ...
Bleeping Computer

Backdoored Telnyx PyPI package pushes malware hidden in WAV audio

TeamPCP hackers compromised the Telnyx package on the Python Package Index today, uploading malicious versions that deliver credential-stealing malware hidden inside a WAV file. Earlier today, the ...
Fast Company

An AI agent just tried to shame a software engineer after he rejected its code

Sign of the times: An AI agent autonomously wrote and published a personalized attack article against an open-source software maintainer after he rejected its code contribution. It might be the first ...
The Hacker News

Legacy Python Bootstrap Scripts Create Domain-Takeover Risk in Multiple PyPI Packages

Cybersecurity researchers have discovered vulnerable code in legacy Python packages that could potentially pave the way for a supply chain compromise on the Python Package Index (PyPI) via a domain ...
NBC News

UPS is 'disposing of' U.S.-bound packages over customs paperwork problems

Thousands of U.S.-bound packages shipped by UPS are trapped at hubs across the country, unable to clear the maze of new customs requirements imposed by the Trump administration. Subscribe to read this ...
SiliconANGLE

Massive npm hack poisons 18 packages with billions of downloads

Aikido Security Ltd. today disclosed what is being described as the largest npm supply chain compromise to date, after attackers injected malware into 18 popular packages that together account for ...
International Monetary Fund

A Python Package to Assist Macroframework Forecasting: Concepts and Examples

In forecasting economic time series, statistical models often need to be complemented with a process to impose various constraints in a smooth manner. Systematically imposing constraints and retaining ...
InfoWorld

How to use editable installs for Python packages

When you install Python packages into a given instance of Python, the default behavior is for the package’s files to be copied into the target installation. But sometimes you don’t want to copy the ...
Yahoo

Receive a random package you didn’t order? You may be a victim of a ‘brushing’ scheme — here’s how it works

Add Yahoo as a preferred source to see more of our stories on Google. Receive a random package you didn’t order? You may be a victim of a ‘brushing’ scheme. Here’s how it works — and the 1 thing ...
TechRepublic

TIOBE Programming Index News May 2025: Python Hits Major Milestone

Only twice in TIOBE Programming Index history has a language commanded such a high percentage of developers’ interest. Python has reached a 25.35% share of community interest in programming languages ...
GitHub

ragibson/matplotlib-lossless-webp

A tiny Python package that forces lossless compression in matplotlib when saving WebP images. Otherwise, matplotlib's .webp exports are somewhat low quality unless you add specific PIL parameters.
NBC DFW

What to do with the package you didn't order

NBC 5 Responds to a North Texas family with a sparkly surprise in the mail addressed to them. They say they weren’t expecting a package and it wasn’t a gift. Read on for what you can do if you get one ...