WeLiveSecurity

A pernicious potpourri of Python packages in PyPI

PyPI is popular among Python programmers for sharing and downloading code. Since anyone can contribute to the repository, malware – sometimes posing as legitimate, popular code libraries – can appear ...
Dark Reading

Malicious Python Package Relies on Steganography to Download Malware

Check Point Research has detected a malicious open source code package that uses steganography to hide malicious code inside image files. The malicious package was available on PyPI, a package index ...
InfoWorld

Software bill-of-materials docs eyed for Python packages

Python enhancement proposal would incorporate SBOM documents in Python packages as a way to improve dependency tracking and vulnerability analysis. Software bill-of-materials (SBOM) documents would be ...
InfoWorld

Wasmer beefs up Python support

WebAssembly runtime introduces experimental async API and support for dynamic linking in WASIX, enabling much broader support ...