A malicious Python package named 'fabrice' has been present in the Python Package Index (PyPI) since 2021, stealing Amazon Web Services credentials from unsuspecting developers.

All-in-one Python project management tool written in Rust aims to replace pip, venv, and more. Here's a first look.

An unusual attack using an open-source package installer called Chocolatey, steganography and Scheduled Tasks is stealthily delivering spyware to companies.

Checkmarx, which recently also found a flaw in Amazon’s Ring camera system, is now warning Python developers that package downloading could lead to an increased risk of a supply chain attack.

Use PyInstaller to package your Python apps into standalone executables for easy distribution.