The Hacker News

Fake Python Spellchecker Packages on PyPI Delivered Hidden Remote Access Trojan

Two fake spellchecker packages on PyPI hid a Python RAT in dictionary files, activating malware on import in version 1.2.0.
GitHub

Python 3.12 backport for Debian 12 bookworm

The aim of this project is to provide a Python 3.12 backport to Debian bookworm. Packages are of course much better manageable than compiling the source from scratch. In my opinion it is also more ...
GitHub

Automated publisher for the Interactive Brokers TWS API Python client on PyPI.

This is an unofficial automated publisher for the Interactive Brokers TWS API Python client. The source code is from Interactive Brokers' official TWS API distribution, packaged and published to PyPI ...
SecurityWeek

Chainlit Vulnerabilities May Leak Sensitive Information

Vulnerabilities in Chainlit could be exploited without user interaction to exfiltrate environment variables, credentials, ...
Dark Reading

Vulnerabilities Threaten to Break Chainlit AI Framework

Familiar bugs in a popular open source framework for AI chatbots could give attackers dangerous powers in the cloud.
Security Boulevard

Arcjet Python SDK Sinks Teeth Into Application-Layer Security

A new Arcjet SDK lets Python teams embed bot protection, rate limiting, and abuse prevention directly into application code.
theregister

Anthropic finds $1.5 million to help Python Foundation improve security

The Python Software Foundation (PSF) has an extra $1.5 million heading its way, after AI upstart Anthropic entered into a partnership aimed at improving security in the Python ecosystem. “This ...
IEEE

PyRoboCOP: Python-Based Robotic Control and Optimization Package for Manipulation and Collision Avoidance

Abstract: Contacts are central to most manipulation tasks as they provide additional dexterity to robots to perform challenging tasks. However, frictional contacts leads to complex complementarity ...