7 Malicious PyPI Packages Abuse Gmail’s SMTP Protocol to Execute Malicious Commands
                    
A sophisticated software supply chain attack leverages Python Package Index (PyPI) repositories to deploy malware, using Google's SMTP infrastructure as a command-and-control mechanism.
The campaign...                
                
            Python JSON Logger Vulnerability Allows Remote Code Execution – PoC Released
                    
A critical vulnerability in the widely-used python-json-logger library has been identified, potentially allowing attackers to execute arbitrary code on affected systems. 
The flaw, tracked as...                
                
            Python Officially Unveils New Standard Lock File Format to Improve Security
                    
Python has officially standardized a lock file format with the acceptance of PEP 751 marking a significant milestone for the Python packaging ecosystem.
The new...                
                
            New Campaign Attacking PyPI Users to Steal Sensitive Data Including Cloud Tokens
                    
Security researchers have uncovered a sophisticated malware campaign targeting users of the Python Package Index (PyPI), Python's official third-party software repository. 
This latest attack vector...                
                
            Popular Python Library Vulnerability Exposes 43 million Installations to Code Execution Attacks
                    
A recently disclosed vulnerability in the widely used Python JSON Logger library has exposed an estimated 43 million installations to potential remote code execution...                
                
            Critical MITRE Caldera Vulnerability Let Attackers Execute Remote Code – PoC Released
                    
A critical remote code execution (RCE) vulnerability (CVE-2025-27364) has been identified in all versions of MITRE Caldera prior to commit 35bc06e, exposing systems to...
                
            Two New Malicious PyPI Packages Attacking Users to Steal Login Details
                    
Two malicious Python Package Index (PyPI) packages, Zebo-0.1.0 and Cometlogger-0.1, have been identified, posing a significant threat to user security.
These packages, uploaded in November 2024, exploit...                
                
            Revival Hijack, New Attack That Hijacks 22,000 PyPI Packages
                    
Hackers often target PyPI packages due to their extensive user base and open-source nature. This helps threat actors in distributing malicious code within an...                
                
            Most Important Python Security Tools for Ethical Hackers & Penetration Testers 2024
                    
A variety of Python security tools are in use across the cybersecurity industry, and Python is one of the widely used programming languages...
                
            Hackers Attack Python Developers by Poisoning With Typosquat on PyPI
                    
An automated risk detection system identified a typosquatting campaign targeting popular Python libraries on PyPI. In two waves with a 20-hour break, the attack...                
                
            