GitHub

Trio – a friendly Python library for async concurrency and I/O

The Trio project aims to produce a production-quality, permissively licensed, async/await-native I/O library for Python. Like all async libraries, its main purpose is to help you write programs that ...

GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP, simultaneously compromised Microsoft's durabletask Python ...
Security Boulevard

JDownloader Website Hacked to Replace Installers With Python RAT Malware

The official JDownloader website was compromised between May 6 and May 7, 2026, with attackers replacing Windows and Linux installer download links with malicious payloads. JDownloader is a widely ...
Infosecurity-magazine.com

Deep#Door Python Backdoor Evades Detection On Windows

A stealthy Python-based backdoor framework capable of long-term surveillance and credential theft has been identified targeting Windows systems. According to research from Securonix, the malware, ...
techzine

Malicious Python package poses new supply chain threat

The open-source package elementary-data, with over a million downloads per month, has been compromised. Attackers exploited a vulnerability in a GitHub Actions workflow to steal signing keys and ...
Ars Technica

Open source package with 1 million monthly downloads stole user credentials

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a vulnerability in the developers’ account workflow that gave access to its signing keys ...
Indiatimes

Tesla's former VP Andrej Karpathy shares AI coding 'horror', 'Python supply chain attack' that could have wiped millions of SSL private keys, database passwords, more; and Elon ...

Andrej Karpathy, the former Tesla AI director and OpenAI cofounder, is calling a recent Python package attack "software horror"—and the details are genuinely alarming. A compromised version of LiteLLM ...
winbuzzer.com

OpenAI Acquires Python Toolmaker Astral to Boost Codex AI Agent

OpenAI announced on March 17 that it will acquire Astral, the company behind Python’s widely used developer tools, to bolster its Codex coding platform as it races to close a revenue gap with ...
Indiatimes

OpenAI acquires Astral, the Python startup whose tools run on millions of developer machines

OpenAI has acquired Astral, a startup whose essential Python development tools are used by millions. This strategic move aims to bolster OpenAI's Codex group, which faces competition from Anthropic's ...
Infosecurity-magazine.com

Fraud Investigation Reveals Sophisticated Python Malware

A sophisticated Python-based malware deployment uncovered during a fraud investigation has revealed a layered attack involving obfuscation, disposable infrastructure and commercial offensive tools.
Microsoft

New Clickfix variant ‘CrashFix’ deploying Python Remote Access Trojan

In January 2026, Microsoft Defender Experts identified a new evolution in the ongoing ClickFix campaign. This updated tactic deliberately crashes victims’ browsers and then attempts to lure users into ...
theregister

Popular Python libraries used in Hugging Face models subject to poisoned metadata attack

Vulnerabilities in popular AI and ML Python libraries used in Hugging Face models with tens of millions of downloads allow remote attackers to hide malicious code in metadata. The code then executes ...