Malware can show up where you least expect it. Researchers discovered a logic bomb attack in the Python Package Index (PyPI) repository, which is code repository for Python developers and part of the software supply chain. Attackers aimed to get honest software developers to include the bombs in their applications by accident.