Over 100 NPM and PyPI packages were injected with malicious code in the Miasma and Hades Shai-Hulud supply chain attack ...

Threat actors have struck the software supply chain yet again, this time hitting the Python Package Index (PyPI) with Mini Shai-Hulud in an attempt to spread poisoned code. In the latest campaign, ...

A serious security vulnerability in a widely used open-source Python component could put a large number of AI agents and platforms at risk.  The ...

Researchers who found the bug warn that its Moderate rating understates a threat reaching across LLM gateways, MCP servers and agent infrastructure.

A max-severity vulnerability in the latest Python FastAPI version of the ChromaDB project allows unauthenticated attackers to run arbitrary code on exposed servers. The flaw is tracked as ...

Aqua Security’s Trivy vulnerability scanner compromise is trickling down When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works. Popular Python package ...

Google is working to fix a problem with its API keys after security researchers pointed out possible misuse. This is because the keys for accessing Google's cloud services, such as Maps or Firebase, ...

Already using NumPy, Pandas, and Scikit-learn? Here are seven more powerful data wrangling tools that deserve a place in your toolkit. Python’s rich ecosystem of data science tools is a big draw for ...

The Python Package Index (PyPI) has introduced new protections against domain resurrection attacks that enable hijacking accounts through password resets. PyPI is the official repository for ...