News

InfoWorld3mon
Understand Python’s new lock file format - InfoWorld
The newly approved Python Enhancement Proposal 751 gives Python a standard lock file format for specifying the dependencies of projects. Here’s the what, why, and when.
CSOonline1y
Python GitHub token leak shows binary files can burn developers too
What Durbin didn’t realize was that the token was also included in .pyc (Python compiled bytecode) files generated as part of the build process, and that those files, stored in the __pycache__ ...
IT World Canada2y
Cyber Security Today, June 2, 2023 – New way of compromising PyPI ...
A new way of compromising the PyPI repository is found, a warning for MOVEit file transfer users, and more. Welcome to Cyber Security Today. It's Friday, June 2nd, 2023. I'm Howard Solomon ...
CSOonline10mon
Fake recruitment campaign targets developers using trojanized Python ...
Compared to the similar Node.js campaign reported by Securonix, in this case, attackers stored the malicious code in Python bytecode (PYC) files.
Dark Reading2y
Novel PyPI Malware Uses Compiled Python Bytecode to Evade Detection
PyPI doesn't yet account for malware hidden in bytecode, Benge explains, because "over the last decade, these files have gotten increasingly more complicated and huge. It's really slow, often, to ...
Infosecurity-magazine.com2y
Malicious PyPI Packages Use Compiled Python Code to Bypass Detection
According to ReversingLabs reverse engineer Karlo Zanki, this could be the first instance of a supply chain attack capitalizing on the direct execution capability of Python byte code (PYC) files. The ...