The Hacker News

Fake Python Spellchecker Packages on PyPI Delivered Hidden Remote Access Trojan

Two fake spellchecker packages on PyPI hid a Python RAT in dictionary files, activating malware on import in version 1.2.0.
How-To Geek on MSN

Stop crashing your Python scripts: How to handle massive datasets on any laptop

How chunked arrays turned a frozen machine into a finished climate model ...
InfoWorld

Python picks up speed with a new JIT

Python’s new JIT compiler might be the biggest speed boost we’ve seen in a while, but it’s not without bumps. Get that news ...

Python libraries used in top AI and ML tools hacked - Nvidia, Salesforce and other libraries all at risk

Security researchers from Palo Alto Networks have discovered vulnerabilities used in some top Artificial Intelligence (AI) ...
Dark Reading

AsyncRAT Malware Infests Orgs via Python & Cloudflare

The phishing campaign shows how attackers continue to weaponize legitimate cloud services and open source tools to evade detection and gain trust.
IEEE

Detecting Python Malware in the Software Supply Chain with Program Analysis

Abstract: The frequency of supply-chain attacks has reached unprecedented levels, amounting to a growing concern about the security of open-source software. Existing state-of-the-art techniques often ...
The Verge

Python Software Foundation turns down $1.5 million NSF grant because of the anti-DEI strings attached.

A PSF proposal to address vulnerabilities in Python and PyPi was recommended for funding, but it was declined because the terms barred “any programs that advance or promote DEI, or discriminatory ...