Browsing Tag
Python
32 posts
BentoML Vulnerability Allows Remote Code Execution on AI Servers
TL;DR: A critical deserialization vulnerability (CVSS 9.8 – CVE-2025-27520) in BentoML (v1.3.8–1.4.2) lets attackers execute remote code without…
Picklescan Vulnerabilities Could Let Hackers Bypass AI Security Checks
Sonatype researchers uncover critical vulnerabilities in picklescan. Learn how these flaws impact AI model security, Hugging Face, and…
Hackers Hide Malware in Fake DeepSeek PyPI Packages
Malicious DeepSeek packages on PyPI spread malware, stealing sensitive data like API keys. Learn how this attack targeted developers and how to protect yourself.
Python Malware in Zebo-0.1.0 and Cometlogger-0.1 Found Stealing User Data
Fortinet discovers two malicious Python packages, Zebo-0.1.0 and Cometlogger-0.1, designed to steal data, capture keystrokes, and gain system control. Learn about their malicious behavior and how to protect yourself
Supply Chain Attack Hits Rspack, Vant npm Packages with Monero Miner
Popular npm packages, Rspack and Vant, were recently compromised with malicious code. Learn about the attack, the impact, and how to protect your projects from similar threats.
Ultralytics AI Library with 60M Downloads Compromised for Cryptomining
Another day, another supply chain attack!
“aiocpa” Python Package Exposed as Cryptocurrency Infostealer
SUMMARY The machine learning-based threat-hunting system of leading threat intelligence and cybersecurity firm ReversingLabs (RL) recently detected malicious…
How Python Software Development Enhances Cyber Defense
Python has emerged as a powerful ally in combating rising cybersecurity threats and tracking cybercrime through tools leveraging…
Fabrice Malware on PyPI Has Been Stealing AWS Credentials for 3 Years
The malicious Python package “Fabrice” on PyPI mimics the “Fabric” library to steal AWS credentials, affecting thousands. Learn how…
New PyPI Malware Poses as Crypto Wallet Tools to Steal Private Keys
Checkmarx researchers discovered PyPI malware posing as crypto wallet tools. These malicious packages stole private keys and recovery…