News

ZDNet1y
Developers, watch your code: Official Python repository spread malicious projects
As well as continuing to abuse the open-source W4SP ... Given how widespread Python is, developers should vet any third-party code they use before adding it to their projects.
CSO Online1d
GitHub hit by a sophisticated malware campaign as ‘Banana Squad’ mimics popular repos
Attackers use typo-squatting, obfuscation, and fake accounts to slip Python-based malware into open-source projects, raising ...
AI coding assistants are getting ever more popular - especially in this country
Nearly one-third of code is written by AI, but the research only covers developers in this one country using this one ...
Infosecurity Magazine2d
Banana Squad’s Stealthy GitHub Malware Campaign Targets Devs
Discovered by ReversingLabs, the campaign reflects a shift in open-source software supply chain attacks. While overall ...
InfoWorld1y
6 generative AI Python projects to run now
And because author Michael Weiss posted the repo under the permissive MIT open source ... For the Python, I mostly used code from the Llamaindex sample notebook. As with previous projects, I ...
CSOonline2y
Attackers use Python compiled bytecode to evade detection
Attackers who are targeting open-source package repositories like PyPI (Python Package Index) have devised a new technique for hiding their malicious code from ... accounts and projects on PyPI ...
Bleeping Computer2y
Unpatched 15-year old Python bug allows code execution in 350k projects
The vulnerability is in the Python tarfile package, in code that uses un-sanitized ... was present in thousands of software projects, both open and closed source. The researchers scraped a set ...
TechRepublic2y
350,000 open source projects at risk from Python vulnerability
Cybersecurity company Trellix announced Wednesday that a known Python vulnerability ... Trellix is working to push code via GitHub pull request to protect open-source projects from the vulnerability.
Bleeping Computer2y
PyPI mandates 2FA for critical projects, developer pushes back
On Friday, the Python Package Index (PyPI), the official repository of third-party open-source Python projects ... of a popular Python project decided to delete his code from PyPI and republish ...
Visual Studio Magazine2y
Python: VS Code Update, Why It's So Popular (& Famous Easter Egg)
He posts twice-monthly, step-by-step, full-source-code, project posts such as: And as far as the name of the Pylance tool, the third-most popular extension, the dev team in 2020 explained: "The name ...
Hosted on MSN1mon
Microsoft CEO Satya Nadella says AI generates 'fantastic' Python code, and that it now creates 'maybe 20 - 30% of the code ... in some of our projects'
In a fireside chat with Meta CEO Mark Zuckerberg at Llamacon, Nadella said, "I'd say maybe 20 to 30 percent of the code that is inside of our repos today in some of our projects are probably all w ...
Computer Weekly2y
15-year-old Python bug present in 350,000 open source projects
A 15-year-old vulnerability in the open source Python programming language is still finding its way into live code, with the result that over 350,000 projects are at risk of potential supply chain ...