Python

LLMs’ tendency to “hallucinate” code packages that don’t exist could become the basis for a new type of supply chain attack dubbed …

Apiiro security researchers have released open source tools that can help organizations detect malicious code as part of their software development lifecycle: PRevent (a …

Two malicious packages leveraging the DeepSeek name have been published to the Python Package Index (PyPI) package repository, and in the 30 minutes or so they were up, they …

Python Risk Identification Tool (PyRIT) is Microsoft’s open-source automation framework that enables security professionals and machine learning engineers to find risks …

Vigil is an open-source security scanner that detects prompt injections, jailbreaks, and other potential threats to Large Language Models (LLMs). Prompt injection arises when …

Google has announced the Google Cloud Assured Open Source Software (Assured OSS) service, which aims to be a trusted source of secure open source packages, and the deps.dev …

In this Help Net Security video, Carlos Fernandez, Security Researcher at Sonatype, talks about how their AI system caught packages that attack Python developers with a unique …

Trellix Advanced Research Center published its research into CVE-2007-4559, a vulnerability estimated to be present in over 350,000 open-source projects and prevalent in …

PyPI, the official third-party software repository for Python packages, is warning about a phishing campaign targeting its users. “We have additionally determined that …

Sonatype researchers have discovered Python packages that contain malicious code that peek into and expose secret AWS credentials, network interface information, and …

The Python module “ctx” and a fork of the PHP library “phpass” have recently been modified by an unknown attacker to grab AWS credentials/keys and send …

An advanced threat actor has been spotted using distinctive, novel methods to backdoor French entities in the construction, real estate, and government industries. How the …