PyPI
ServicePyPI (Python Package Index) is the official repository and distribution service for third-party Python libraries and applications. It lets developers publish and install packages with tools like pip, making it a central hub—and frequent security target—for the Python ecosystem.
Stories
Completed digest stories linked to this service.
-
AI agents hit by real supply‑chain and tool‑use RCE warnings; lock down MCP and ...2026-03-27AI coding agents faced fresh, concrete security hits this week across supply chain and tool-use layers, while ...
-
LiteLLM PyPI compromise exfiltrated cloud and CI/CD secrets; pin and rotate now2026-03-26The popular LiteLLM PyPI package was briefly compromised, exfiltrating cloud and CI/CD secrets with links to a...
-
LiteLLM PyPI compromise shows why to turn on dependency cooldowns now2026-03-25A malicious LiteLLM 1.82.7/1.82.8 PyPI release briefly stole developer creds on install, highlighting the valu...