python Archives

Hades-Themed “Mini Shai-Hulud” Worm Hits PyPI in Latest Open Source Supply Chain Attack

John Joseph Javier | June 9, 2026 | Cyber threats and incidents, python, Python Package Index

What happened Threat actors have launched a new wave of supply chain attacks against the Python Package Index (PyPI), distributing malicious packages as part of an evolving campaign linked to the Shai-Hulud ...

CISO Whisperer

Image with text "Pytorch Lightning Compromised" with icon of a skull next to it

Malicious PyTorch Lightning Packages Found on PyPI

Sonatype Security Research Team | April 30, 2026 | Malware, Malware Analysis, open-source malware, PyPI, pypi vulnerability, python

TL;DR Two malicious versions of the popular PyTorch Lightning package have been uploaded to PyPI following the publisher account’s compromise. Lightning versions 2.6.2 and 2.6.3 (tracked as sonatype-2026-002817) were published on April ...

2024 Sonatype Blog

Compromised litellm PyPI Package Delivers Multi-Stage Credential Stealer

Sonatype Security Research Team | March 24, 2026 | AI, LLMs, Malware, Malware Analysis, PyPI, python, Security Research, Sonatype Guide, Sonatype Research

This morning, the widely used Python package litellm, a popular abstraction layer for interacting with large language models (LLMs), was compromised and two malicious versions released (1.82.7 and 1.82.8) ...

2024 Sonatype Blog

Arcjet Python SDK Sinks Teeth Into Application-Layer Security

Adrian Bridgwater | January 15, 2026 | API security, Application Security, Cloud Security, data protection, IT Security and Data Protection, Phishing, python

A new Arcjet SDK lets Python teams embed bot protection, rate limiting, and abuse prevention directly into application code ...

Security Boulevard

Text Detection and Extraction From Images Using OCR in Python

SSOJet - Enterprise SSO & Identity Solutions | October 13, 2025 | Automation, Image Processing, OCR, python, Python OCR

Learn how to detect and extract text from images and scanned files using Python and OCR. Step-by-step guide for developers and automation enthusiasts ...

SSOJet - Enterprise SSO & Identity Solutions

Insights from the DeepSeek Malicious Software Package Incident: Why Software Supply Chain Security Matters in Global AI Technology Competition

NSFOCUS | February 11, 2025 | AI, AI data, AI Security, api, artificial intelligentce, ATT&CK, Blog, China AI, DeepSeek, NSFOCUS, python, supply chain

Background With the widespread application of AI technology, software supply chains are facing more complex and diverse security threats. Since January 2025, DeepSeek, as an emerging force in China’s AI industry, has ...

NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks.

Critical OpenWrt Bug: Update Your Gear!

Richi Jennings | December 10, 2024 | Automatic Update, automatic updates, CVE-2024-54143, IoT firmware, Malicious Firmware Updates, OpenWrt, python, RyotaK, SB Blogwatch

ASU 48-bit trash hash: Open source router firmware project fixes dusty old code ...

Security Boulevard

email, attacks, Google Yahoo spam Proofpoint spoofed phishing

Defending Against Email Attachment Scams

Gaurav Mittal | December 4, 2024 | aws, Email Attachment Security, Pyminizip, python, Signed URL

One of the most alarming methods of attack involves intercepting email attachments during transit, resulting in the theft of personally identifiable information (PII) and other sensitive data ...

Security Boulevard

OpenSSH regreSSHion Vulnerability

David Michael Berry | July 3, 2024 | CVE-2024-6387, Cybersecurity, David Michael Berry, Linux, Nmap, python, security, technology, Uncategorized, vulnerability

…and…How AI Can Revolutionize Code and Regression Testing Introduction Artificial Intelligence (AI) is transforming numerous industries, and software development is no exception. One of the critical areas where AI can make a ...

Berry Networks

Malicious PyPI Package ‘Pytoileur’ Targets Windows and Leverages Stack Overflow for Distribution

Steven J. Vaughan-Nichols | May 29, 2024 | Malware, PyPI, python, Sonatype, windows malware

Another day, another PyPI malware package. But this one has a new way to (try to) sneak into your computer ...

Security Boulevard

python

Hades-Themed “Mini Shai-Hulud” Worm Hits PyPI in Latest Open Source Supply Chain Attack

Malicious PyTorch Lightning Packages Found on PyPI

Compromised litellm PyPI Package Delivers Multi-Stage Credential Stealer

Arcjet Python SDK Sinks Teeth Into Application-Layer Security

Text Detection and Extraction From Images Using OCR in Python

Insights from the DeepSeek Malicious Software Package Incident: Why Software Supply Chain Security Matters in Global AI Technology Competition

Critical OpenWrt Bug: Update Your Gear!

Defending Against Email Attachment Scams

OpenSSH regreSSHion Vulnerability

Malicious PyPI Package ‘Pytoileur’ Targets Windows and Leverages Stack Overflow for Distribution

Senator Sanders Wants to Own AI Companies — and Hand America’s Adversaries the Keys

NIST’s Nine: The PQC Signature Race Moves to Round Three

The Quantum Arms Race: Why Washington Just Wrote a $2 Billion Check to Nine Companies

Beyond Moore’s Law: The Hyper-Acceleration of Autonomous AI Cyber Capabilities

The Exception Economy: When Security Teams Stop Protecting and Start Negotiating

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

C2A Security’s EVSec Risk Management and Automation Platform Gains Traction in Automotive Industry as Companies Seek to Efficiently Meet Regulatory Requirements

Zama Raises $73M in Series A Lead by Multicoin Capital and Protocol Labs to Commercialize Fully Homomorphic Encryption

RSM US Deploys Stellar Cyber Open XDR Platform to Secure Clients

ThreatHunter.ai Halts Hundreds of Attacks in the past 48 hours: Combating Ransomware and Nation-State Cyber Threats Head-On