Popular Python Library Vulnerability Exposes 43 Million Installations
Mar 10, 2025 · A recently disclosed vulnerability in the widely used Python JSON Logger library has exposed an estimated 43 million installations.
Malicious Python Packages on PyPI Downloaded 39,000+ Times, …
Apr 5, 2025 · Cybersecurity researchers have uncovered malicious libraries in the Python Package Index (PyPI) repository that are designed to steal sensitive information and test stolen credit card data. "The malicious libraries both attempt a similar attack, overwriting the legitimate 'clw cli' command with ...
Python JSON Logger Vulnerability Allows Remote Code Execution …
5 days ago · A critical vulnerability in the widely-used python-json-logger library has been identified, potentially allowing attackers to execute arbitrary code.
Supply-chain attack analysis: Ultralytics - The Python Package …
Dec 11, 2024 · Last week, the Python project “ultralytics” suffered a supply-chain attack through a compromise of the project’s GitHub Actions workflows and subsequently its PyPI API token. No security flaw in PyPI was used to execute this attack. Versions 8.3.41, 8.3.42, 8.3.45, and 8.3.46 were affected and have been removed from PyPI.
PyPI halted new users and projects while it fended off supply-chain attack
Mar 28, 2024 · PyPI, a vital repository for open source developers, temporarily halted new project creation and new user registration following an onslaught of package uploads that executed malicious code on...
Code injection in Python: examples and prevention - Snyk
Dec 6, 2023 · Code injection is a stealthy attack where malicious code is inserted into a software system, causing it to execute unintended commands. By exploiting vulnerabilities, an attacker can inject harmful code, leading to severe consequences, such as unauthorized data access, financial fraud, or total system takeover.
Major Python Infrastructure Breach – Over 170K Users …
Mar 25, 2024 · The Checkmarx Research team has unearthed a sophisticated attack campaign that leveraged fake Python infrastructure to target the software supply chain, affecting over 170,000 users, including the Top.gg GitHub organization and several individual developers.
When Python Is Poisoned | How Runtime Security Stops the tj-actions Attack
Mar 21, 2025 · Read SentinelOne's response to the tj-actions/changed-files attack and learn how to secure development pipelines with runtime security.
Malicious Python packages target popular Bitcoin library
Apr 3, 2025 · Popular Python crypto library targeted with a fake fix. The Python packages we found both had names that target users of bitcoinlib, a popular Python library that contains features for creating and managing crypto wallets, interacting with the blockchain, and running Bitcoin scripts, among other things.
Over 170K users caught up in poisoned Python package ruse
Mar 25, 2024 · More than 170,000 users are said to have been affected by an attack using fake Python infrastructure with "successful exploitation of multiple victims."