Latest
Trending
Cyber Attacks
Data Breaches
Threat Intelligence
Critical Infrastructure
Policy & Government
Cybersecurity 101
Vulnerabilities
About Us
Weekly Briefing

PyPI Security

Coverage of the Python Package Index (PyPI) ecosystem, focusing on package hijacks, typosquatting, and malicious dependency chains. This tag highlights the risks inherent in the Python supply chain and the security of developer workstations.

Minimalist vector of a white Python-style symbol on a slate background, broken by a red chain link with cyan and white data pixels falling, symbolizing a breach.

Cyber Attacks

PyPI Package with 1.1M Monthly Downloads Hacked to Push Infostealer

A popular PyPI-hosted Python package, which pulls over 1.1 million downloads per month, has been hijacked by attackers who pushed a malicious update that silently installs the Windows-based W4SP infostealer on developer workstations. The malware harvests credentials, browser cookies, and Discord tokens, marking one of the largest supply chain

27 Apr 2026

The CyberSignal

The CyberSignal delivers breaking cybersecurity news, data breach reports, vulnerability alerts, and threat intelligence for CISOs, IT leaders, and security professionals.

The CyberSignal

Daily Briefing
Weekly Briefing
Corrections
Privacy Policy

Powered by Ghost