News

ZDNet5y

Programming language Python VS Code extension: New update has critical ...

Microsoft updates its Python extension for VS Code with fixes for two security flaws and easier interpreter selection.
The Hacker News11d

Malicious PyPI and npm Packages Discovered Exploiting Dependencies in Supply Chain Attacks

PyPI malware termncolor and colorinal downloaded 884 times exploit DLL side-loading, persistence, and C2 communication.
Bleeping Computer3y

Popular Python and PHP libraries hijacked to steal AWS keys

Python's ctx library and a fork of PHP's phpass have been compromised. 3 million users combined. The malicious code sends all the environment variables to a heroku app, likely to mine AWS credentials.
Infosecurity-magazine.com2y

"Kekw" Malware in Python Packages Could Steal Data and Hijack Crypto

Several harmful Python .whl files containing a new type of malware called “Kekw” have been discovered on PyPI (Python Package Index). According to new data by Cyble Research and Intelligence Labs ...

Nearly half of all code generated by AI found to contain security flaws - even big LLMs affected

Nearly half (45%) of AI-generated code contains security flaws despite appearing production-ready, new research from Veracode ...
Android3y

Python Shores up Security with Fresh Approach to 2FA Protection

Announced in early July, the security-driven consideration has been largely well received by Python’s community members, although one well-known developer opted to delete their code from PyPI ...
Ars Technica2y

Excel gets containerized, cloud-based Python analytics and ...

It will be interesting to see how Python’s integration into Excel works out. It’s a very specialized, cloud-hosted, and seemingly containerized and secured code offering.
ZDNet5y

Microsoft: Application Inspector is now open source, so use it ... - ZDNET

Microsoft offers up the security tool it uses to probe untrusted third-party software components in its applications.