Sonatype Releases Q1 2026 Open Source Malware Index: Trust Abuse Most Successful Attack Vector

Backed by Sonatype's industry-leading security research team, Sonatype Repository Firewall helped customers prevent 136,107 open source malware attacks in Q1. To explore the full findings from the Q1 ...
The Hacker News

OpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain Incident

OpenAI revoked its macOS signing certificate after a malicious Axios dependency incident on March 31, 2026, preventing ...

Two different attackers poisoned popular open source tools - and showed us the future of supply chain compromise

FEATURE Two supply chain attacks in March infected open source tools with malware and used this access to steal secrets from ...
The Hacker News

TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Files

Malicious telnyx 4.87.1/4.87.2 on PyPI used audio steganography March 27, 2026, enabling cross-platform credential theft.
Hosted on MSN

A popular Python library just became a backdoor to your entire machine

If you work with AI APIs and local LLMs, there's a good chance you've at least heard of LiteLLM. It's one of the most popular Python libraries for interacting with large language models, offering a ...
Ars Technica

OpenAI is acquiring open source Python tool-maker Astral

OpenAI announced Thursday that it has entered into an agreement to acquire Astral, the company behind popular open source Python development tools such as uv, Ruff, and ty, and integrate the company ...
GitHub

PPM — Python Package Manager

TL;DR: pypm aims to be a single command that handles everything from creating a virtual-env to publishing wheels—fast, deterministic, and hackable. The current release is ~500 LOC of portable C that ...
IEEE

A Replication Package for PyCG: Practical Call Graph Generation in Python

Abstract: The ICSE 2021 paper titled “PyCG: Practical Call Graph Generation in Python” comes with a replication package with the purpose of providing open access to (1) our prototype call graph ...
Visual Studio Magazine

Aspire 13 Makes Python a First-Class Workload with .NET and JavaScript

Microsoft has added official Python support to Aspire 13, expanding the platform beyond .NET and JavaScript for building and running distributed apps. Documented today in a Microsoft DevBlogs post, ...
Popular Science

Cat-sized Jurassic reptile had the jaws of a python

Add Popular Science (opens in a new tab) Adding us as a Preferred Source in Google by using this link indicates that you would like to see more of our content in Google News results. Get the Popular ...
Geeky Gadgets

The Future of Python : Here’s What’s Coming & Trends You Can’t Ignore

What if the programming language you rely on most is on the brink of a transformation? For millions of developers worldwide, Python is not just a tool, it’s a cornerstone of their craft, powering ...
InfoWorld

New tools make Python app distribution easier than ever

PyApp seems to be taking the Python world by storm, providing long-awaited click-and-run Python distribution. For developers who need a little more versatility, there’s uv. Find these tools and more ...