News

The official repository for the widely used Python programming language has been tainted with modified code packages ... originate only from their official source, rather than being downloaded ...
vulnerability researcher in the Trellix Advanced Threat Research team ... The flaw stems from the fact that code in the extract function in Python's tarfile module explicitly trusts the information in ...
A 15-year-old vulnerability in the open source Python programming language is still finding its way into live code, with the result ... in Python’s tarfile module. When exploited, it allows ...
A newly uncovered malicious package on the Python Package Index (PyPI) has raised fresh concerns about the security of open source software repositories ... that subtly modify code behavior. The ...
Python's support for using Unicode characters for identifiers, i.e., code variables, functions, classes, modules ... a theoretical attack called "Trojan Source" that used Unicode control ...