Wednesday, April 1, 2026

LiteLLM PyPI Package With 95 Million Downloads Compromised by TeamPCP Hackers

A widely used open-source Python library was compromised on the Python Package Index (PyPI). Versions 1.82.7 and 1.82.8 of the package, which route requests...

Critical Vulnerability in Python PLY Library Enables Remote Code Execution – PoC Published

A critical vulnerability has been identified in the PyPI-distributed version of PLY (Python Lex-Yacc) 3.11, allowing arbitrary code execution through unsafe deserialization of untrusted...

Most Important Python Security Tools for Ethical Hackers & Penetration Testers 2026

Python ranks among the most popular languages in cybersecurity for building penetration testing tools, powering everything from vulnerability scanners to exploit frameworks. Professionals in...

7 Malicious PyPI Packages Abuse Gmail’s SMTP Protocol to Execute Malicious Commands

A sophisticated software supply chain attack leveraging Python Package Index (PyPI) repositories to deploy malware using Google's SMTP infrastructure as a command-and-control mechanism. The campaign...

Python JSON Logger Vulnerability Allows Remote Code Execution – PoC Released

A critical vulnerability in the widely-used python-json-logger library has been identified, potentially allowing attackers to execute arbitrary code on affected systems. The flaw, tracked as...

Python Officially Unveils New Standard Lock File Format to Improve Security

Python has officially standardized a lock file format with the acceptance of PEP 751 marking a significant milestone for the Python packaging ecosystem. The new...

New Campaign Attacking PyPI Users to Steal Sensitive Data Including Cloud Tokens

Security researchers have uncovered a sophisticated malware campaign targeting users of the Python Package Index (PyPI), Python's official third-party software repository. This latest attack vector...

Popular Python Library Vulnerability Exposes 43 million Installations to Code Execution Attacks

A recently disclosed vulnerability in the widely used Python JSON Logger library has exposed an estimated 43 million installations to potential remote code execution...

Critical MITRE Caldera Vulnerability Let Attackers Execute Remote Code – PoC Released

A critical remote code execution (RCE) vulnerability (CVE-2025-27364) has been identified in all versions of MITRE Caldera prior to commit 35bc06e, exposing systems to...

Two New Malicious PyPI Packages Attacking Users to Steal Login Details

Two malicious Python Package Index (PyPI) packages, Zebo-0.1.0 and Cometlogger-0.1, have been identified, posing a significant threat to user security. These packages, uploaded in November 2024, exploit...