A third of PyPi software packages contains flaw to execute code when downloaded

The findings, discovered by Checkmarx and published Friday, underscore how open source software repositories like PyPi are increasingly being targeted and leveraged by malicious actors.
The essential resource for independent news analysis, forward-looking features, product reviews, events, and professional recognition programs. Sharing insight and guidance in partnership with, and for, top-level information security executives and their technical teams.

Using Python's pip to Manage Your Projects' Dependencies – Real Python

The Rise of Malicious Packages in DevOps

Python

10 malicious PyPI packages found stealing developer's credentials

7. Releasing and versioning — Python Packages

PYPI Malware: Over 45K Users Fell Victim to PYPI Packages - Cyble

As a beginner, how can I determine if a python module is malicious? : r/learnpython

Investigating a backdoored PyPi package targeting FastAPI applications

Malicious PyPI packages with over 10,000 downloads taken down

A machine learning practitioner's tour of 10 under-appreciated PyPi packages, by Vinay Prabhu

8 Malicious Python Libraries Found On PyPI - Remove Them As Soon As Possible - The Sec Master

Python PIP - GeeksforGeeks

This Week in Malware — Malicious 'Distutil' and Spring4Shell active exploitation

Python Malware Starting to Employ Anti-Debug Techniques