ZDNet

Python programming language: Google funds projects aimed at supply-chain security

Python is critically important to both Google Cloud and, therefore, to users of Google Cloud, and is also used by the search engine giant internally to power many of its core products and services.
Threat Post

Cryptominers Slither into Python Projects in Supply-Chain Campaign

These code bombs lurk in the PyPI package repository, waiting to be inadvertently baked into software developers’ applications. A group of cryptominers was found to have infiltrated the Python Package ...
Dark Reading

15-Year-Old Python Flaw Slithers into Software Worldwide

A 15-year-old flaw in the Python open source programming language has remained unpatched in many places, making its way into hundreds of thousands of both open source and closed source projects ...
Forbes

Model Supply Chain Poisoning: Threats And Mitigation Strategies

Syed Quiser Ahmed is AVP, Global Head of Responsible AI at Infosys, a global leader in next-generation digital services and consulting. Between December 25 and 30, 2022, we ran pip install torchtriton ...
Bleeping Computer

Revival Hijack supply-chain attack threatens 22,000 PyPI packages

Threat actors are utilizing an attack called "Revival Hijack," where they register new PyPi projects using the names of previously deleted packages to conduct supply chain attacks. The technique ...