7 Malicious PyPI Packages Abuse Gmail’s SMTP Protocol to Execute Malicious Commands
A sophisticated software supply chain attack leveraging Python Package Index (PyPI) repositories to deploy malware using Google's SMTP infrastructure as a command-and-control mechanism.
The campaign involved seven malicious packages – Coffin-Codes-Pro, Coffin-Codes-NET2, Coffin-Codes-NET, Coffin-Codes-2022, Coffin2022,...
Python JSON Logger Vulnerability Allows Remote Code Execution – PoC Released
A critical vulnerability in the widely-used python-json-logger library has been identified, potentially allowing attackers to execute arbitrary code on affected systems.
The flaw, tracked as CVE-2025-27607 with an initial CVSS score of 8.8, affects versions...
Python Officially Unveils New Standard Lock File Format to Improve Security
Python has officially standardized a lock file format with the acceptance of PEP 751, marking a significant milestone for the Python packaging ecosystem.
The new format, named pylock.toml, addresses long-standing issues with dependency management by...
New Campaign Attacking PyPI Users to Steal Sensitive Data Including Cloud Tokens
Security researchers have uncovered a sophisticated malware campaign targeting users of the Python Package Index (PyPI), Python's official third-party software repository.
This latest attack vector involves several malicious packages disguised as time-related utilities, which are...
Popular Python Library Vulnerability Exposes 43 million Installations to Code Execution Attacks
A recently disclosed vulnerability in the widely used Python JSON Logger library has exposed an estimated 43 million installations to potential remote code execution (RCE) attacks through a dependency chain flaw.
Tracked as GHSA-wmxh-pxcx-9w24 and...
Critical MITRE Caldera Vulnerability Lets Attackers Execute Remote Code – PoC Released
A critical remote code execution (RCE) vulnerability (CVE-2025-27364) has been identified in all versions of MITRE Caldera prior to commit 35bc06e, exposing systems to potential compromise by unauthenticated attackers.
The flaw resides in the dynamic...
Two New Malicious PyPI Packages Attacking Users to Steal Login Details
Two malicious Python Package Index (PyPI) packages, Zebo-0.1.0 and Cometlogger-0.1, have been identified, posing a significant threat to user security.
These packages, uploaded in November 2024, exploit unsuspecting developers and users, aiming to steal sensitive data such...
Revival Hijack, New Attack That Hijacks 22,000 PyPI Packages
Hackers often target PyPI packages due to their extensive user base and open-source nature. This helps threat actors in distributing malicious code within an open-source ecosystem.
The decentralized nature of PyPI makes it challenging for...
Most Important Python Security Tools for Ethical Hackers & Penetration Testers 2024
A variety of Python security tools are used in the cybersecurity industry, and Python is one of the most widely used programming languages for developing penetration testing tools.
For anyone who is involved in...
Hackers Attack Python Developers by Poisoning PyPI With Typosquats
An automated risk detection system identified a typosquatting campaign targeting popular Python libraries on PyPI. In two waves with a 20-hour break, the attack deployed over 500 variations with typos in names like requests,...