
The Python Package Index, also known as PyPI, is struggling to deal with a high volume of malicious users and packages. As a result, the administrators of the index temporarily suspended new user registrations and project creations. The incident notice stated that the volume of malicious users and malicious projects being created on the index in the past week has outpaced their ability to respond in a timely fashion. Open source registries like the Python Package Index are popular with threat actors looking for a way to distribute their malware. The suspension was lifted on Sunday; however, it is not known whether the administrators have implemented a more permanent solution for dealing with malware.

This segment was created for the It’s 5:05 podcast