编辑｜冷猫这是一件极其严肃的软件安全事件。今天，Karpathy 发长推文警告全部开发者注意，GitHub 超过 4 万星，月下载量达 9700 万次的 Python 库 LiteLLM 在 PyPI 上被投毒。首先提请各位开发者检查自己的 LiteLLM 版本 ，含有恶意代码的版本号为 1.82.7 和 ...

Over 450 malicious PyPI python packages were found installing malicious browser extensions to hijack cryptocurrency transactions made through browser-based crypto wallets and websites. This discovery ...

今天，我在学习及实践使用 Python 虚拟环境时，下载相应库文件，直接使用 pip 下载，结果因下载速度过于实在太慢导致始终 ...

A threat actor has uploaded to the PyPI (Python Package Index) repository three malicious packages that carry code to drop info-stealing malware on developers' systems. The malicious packages, ...

A software security engineer has identified 12 Python libraries uploaded on the official Python Package Index (PyPI) that contained malicious code. The 12 packages have been discovered in two separate ...

NumPy (Numerical Python) is an open-source library for the Python programming language. It is used for scientific computing and working with arrays. Apart from its multidimensional array object, it ...