Carding tool abusing WooCommerce API downloaded 34K times on PyPI
A newly discovered malicious PyPi package named ‘disgrasya’ that abuses legitimate WooCommerce stores for validating stolen credit cards has been…
Malicious PyPI Package Exploited Deezer’s API, Orchestrates a Distributed Piracy Operation
A malicious PyPi package effectively turned its users’ systems “into an illicit network for facilitating bulk music downloads,”…
PyPi package with 100K installs pirated music from Deezer for years
A malicious PyPi package named ‘automslc’Â has been downloaded over 100,000 times from the Python Package Index since…
PyPI adds project archiving system to stop malicious updates
The Python Package Index (PyPI) has announced the introduction of ‘Project Archival,’ a new system that allows publishers…
Malicious PyPi package steals Discord auth tokens from devs
A malicious package named ‘pycord-self’ on the Python package index (PyPI) targets Discord developers to steal authentication tokens…