The Hacker News

PyPI Packages Deliver ZiChatBot Malware via Zulip APIs on Windows and Linux

ZiChatBot malware spread via 3 PyPI packages in July 2025 uses Zulip APIs as C2, enabling stealthy attacks across systems ...

10 trillion downloads are crushing open-source repositories - here's what they're doing about it

Companies are treating these repositories like content delivery networks - now the Linux Foundation and colleagues are saying ...

Script Injection and Data Theft: Python Data Analysis Tool Compromised

The popular Python package for monitoring data quality was briefly available as a malicious version. Provider Elementary ...
Techzine Europe

Malicious Python package poses new supply chain threat

The open-source package elementary-data, with over a million downloads per month, has been compromised. Attackers exploited a vulnerability in a GitHub ...
Phys.org

New open-source Python-based software boosts space-weather modeling

University of Birmingham experts have created open-source computer software that helps scientists understand how fast-moving particles behave when they interact with electromagnetic waves in space.
SiliconANGLE

OpenAI acquires open-source Python tooling startup Astral

OpenAI Group PBC today announced plans to acquire Astral Software Inc., a startup with a set of widely used Python development tools. The terms of the deal were not disclosed. Astral’s development ...
Bleeping Computer

Python rejects $1.5M grant from U.S. govt. fearing ethical compromise

The Python Software Foundation (PSF) has withdrawn its $1.5 million grant proposal to the U.S. National Science Foundation (NSF) due to funding terms forcing a compromise on its commitment to ...
The Verge

Python Software Foundation turns down $1.5 million NSF grant because of the anti-DEI strings attached.

A PSF proposal to address vulnerabilities in Python and PyPi was recommended for funding, but it was declined because the terms barred “any programs that advance or promote DEI, or discriminatory ...