CSO Online

Modern supply-chain attacks and their real-world impact

Supply-chain attacks have evolved considerably in the las two years going from dependency confusion or stolen SSL among ...

Russian hackers use fake CAPTCHA tests to spread new malware families across multiple targets

Russian hackers use fake CAPTCHA tests to spread dangerous malware targeting governments and journalists. Learn how to ...
Hosted on MSN

Python devs targeted with dangerous phishing attacks - here's how to stay safe

Developers who published projects on PyPI with their email in package metadata are being targeted They are asked to "verify" their email address with a fake PyPI platform The "verification" process ...
SecurityWeek

Data Exposure Vulnerability Found in Deep Learning Tool Keras

A vulnerability in the open source deep learning tool Keras could allow attackers to load arbitrary local files or conduct SSRF attacks.
Bleeping Computer

PyPI now blocks domain resurrection attacks used for hijacking accounts

The Python Package Index (PyPI) has introduced new protections against domain resurrection attacks that enable hijacking accounts through password resets. PyPI is the official repository for ...

Python plan to boost software security foiled by Trump admin’s anti-DEI rules

The Python Software Foundation has rejected a $1.5 million government grant because of anti-DEI requirements imposed by the ...
Bleeping Computer

PyPI urges users to reset credentials after new phishing attacks

The Python Software Foundation has warned victims of a new wave of phishing attacks using a fake Python Package Index (PyPI) website to reset credentials. Accessible at pypi.org, PyPI is the default ...