More results...
North Korean threat actors have demonstrated their adept use of social engineering techniques combined with Python scripting to infiltrate secure networks. The Democratic People’s Republic of Korea (DPRK) operatives are leveraging the accessibili…
In a recent development, the ReversingLabs research team has uncovered a sophisticated software supply chain attack targeting developers of cryptocurrency applications. The attack involved the creation of two malicious Python packages, bitcoinlibdbfix …
Back in 2023 Python’s infrastructure director called it “the first step in our plan to build financial support and long-term sustainability of PyPI” while giving users “one of our most requested features: organization accounts.” (That is, “self-managed…
Cybersecurity researchers from Socket have exposed a malicious Python package on PyPI, named disgrasya, designed to automate credit card fraud on WooCommerce-based e-commerce sites. Unlike conventional supply chain attacks that rely on deception or typ…
The Python Software Foundation (PSF) has officially announced the adoption of a new standardized lock file format, outlined in PEP 751. This development is a major milestone for the Python packaging ecosystem, aiming to make dependency management more …
A recently identified Remote Access Trojan (RAT) has raised alarms within the cybersecurity community due to its innovative use of Discord’s API as a Command and Control (C2) server. This Python-based malware exploits Discord’s extensive us…
Researchers have recently discovered a sophisticated Python-based backdoor, known as the Anubis Backdoor, deployed by the notorious cybercrime group FIN7. This advanced threat actor, active since at least 2015, has been responsible for billions of doll…
A recent discovery by Xavier Mertens, a senior handler at the Internet Storm Center, has highlighted a sophisticated attack where hackers utilize DLL side-loading to deploy malicious Python code. This technique involves tricking an application into loa…
Slashdot reader rikfarrow summarizes an article they wrote for Usenix.org about the Open Source Python compiler Codon:
In 2023 I tried out Codon. At the time I had difficulty compiling the scripts I most commonly used, but was excited by the prospect…
A recent discovery by ReversingLabs researchers has unveiled a malicious cyber attack targeting the Python Package Index (PyPI) users, a popular platform for Python developers. This sophisticated campaign involves malicious packages masquerading as tim…