
Popular Python Library Vulnerability Exposes 43 Million Installations
Mar 10, 2025 · A recently disclosed vulnerability in the widely used Python JSON Logger library has exposed an estimated 43 million installations.
Malicious Python Packages on PyPI Downloaded 39,000+ Times, …
Apr 5, 2025 · Cybersecurity researchers have uncovered malicious libraries in the Python Package Index (PyPI) repository that are designed to steal sensitive information and test …
Python JSON Logger Vulnerability Allows Remote Code Execution …
6 days ago · A critical vulnerability in the widely-used python-json-logger library has been identified, potentially allowing attackers to execute arbitrary code.
Supply-chain attack analysis: Ultralytics - The Python Package …
Dec 11, 2024 · Last week, the Python project “ultralytics” suffered a supply-chain attack through a compromise of the project's GitHub Actions workflows and subsequently its PyPI API token. …
PyPI halted new users and projects while it fended off supply-chain attack
Mar 28, 2024 · PyPI, a vital repository for open source developers, temporarily halted new project creation and new user registration following an onslaught of package uploads that executed …
Code injection in Python: examples and prevention - Snyk
Dec 6, 2023 · Code injection is a stealthy attack where malicious code is inserted into a software system, causing it to execute unintended commands. By exploiting vulnerabilities, an attacker …
Major Python Infrastructure Breach – Over 170K Users …
Mar 25, 2024 · The Checkmarx Research team has unearthed a sophisticated attack campaign that leveraged fake Python infrastructure to target the software supply chain, affecting over …
When Python Is Poisoned | How Runtime Security Stops the tj-actions Attack
Mar 21, 2025 · Read SentinelOne's response to the tj-actions/changed-files attack and learn how to secure development pipelines with runtime security.
Malicious Python packages target popular Bitcoin library
Apr 3, 2025 · Popular Python crypto library targeted with a fake fix: The Python packages we found both had names that target users of bitcoinlib, a popular Python library that contains …
Over 170K users caught up in poisoned Python package ruse
Mar 25, 2024 · More than 170,000 users are said to have been affected by an attack using fake Python infrastructure with "successful exploitation of multiple victims."