A third of PyPi software packages contains flaw to execute code when downloaded

The findings, discovered by Checkmarx and published Friday, underscore how open source software repositories like PyPi are increasingly being targeted and leveraged by malicious actors.
The essential resource for independent news analysis, forward-looking features, product reviews, events, and professional recognition programs. Sharing insight and guidance in partnership with, and for, top-level information security executives and their technical teams.

PyUp Discovers New Malicious Packages on PyPI

As a beginner, how can I determine if a python module is malicious? : r/learnpython

Warning: PyPI Feature Executes Code Automatically After Python Package Download

Malicious PyPI packages with over 10,000 downloads taken down

Package names repurposed to push malware on PyPI

Using Python's pip to Manage Your Projects' Dependencies – Real Python

Create a PyPI Package: A Guide to Building and Uploading a Pip Installable Python Package

Devs unknowingly use “malicious” modules snuck into official Python repository

Malicious Open-Source Package Authors are Bad, and Should Feel Bad

Automatic Execution of Code Upon Package Download on Python Package Manager

Investigating a backdoored PyPi package targeting FastAPI applications

How to publish your own pip package, by Shobhit Gupta

116 Malicious PyPI Packages Downloaded Over 10,000 Times

8 Malicious Python Libraries Found On PyPI - Remove Them As Soon As Possible - The Sec Master