News

CSOonline2y
Attackers use Python compiled bytecode to evade detection
“If so, it poses yet another supply-chain risk going forward, since this type of attack is likely to be missed by most security tools, which only scan Python source code (PY) files.” The vast ...
CSO Online1d
GitHub hit by a sophisticated malware campaign as ‘Banana Squad’ mimics popular repos
Attackers use typo-squatting, obfuscation, and fake accounts to slip Python-based malware into open-source projects, raising ...
theregister2y
This malicious PyPI package mixed source and compiled code to dodge detection
"If so, it poses yet another supply chain risk going forward, since this type of attack is likely to be missed by most security tools, which only scan Python source code (PY) files." It's a worrying ...
Infosecurity-magazine.com2y
Malicious PyPI Packages Use Compiled Python Code to Bypass Detection
The method introduces another supply chain vulnerability for the future, as most security tools solely scan Python source code (PY) files, making them susceptible to missing such attacks. Zanki said ...
Bleeping Computer2y
GitHub makes it easier to scan your code for vulnerabilities
which powers GitHub's code scanning, comes with support for many languages and compilers, the new option only shows up for Python, JavaScript, and Ruby repositories. Product marketing manager ...