Links
Anthropic has partnered with the Python Software Foundation, providing $1.5 million to improve security in the Python ecosystem. This funding aims to protect users from supply-chain attacks and may benefit other open-source projects as well.
Anthropic has committed $1.5 million to the Python Software Foundation to enhance security in the Python ecosystem, focusing on protecting users from supply-chain attacks. The funding will support new tools for package review and strengthen the PSF's ongoing community efforts.
Researchers found insecure bootstrap scripts in legacy Python packages that could allow attackers to exploit a domain takeover. The scripts fetch an outdated installation package from a domain that has since become available for registration, which poses a risk of executing malicious code. Some affected packages have removed the scripts, but others, like slapos.core, still include them.
A serious vulnerability in n8n allows authenticated users to execute arbitrary commands on the host system. This flaw, tracked as CVE-2025-68668, affects versions 1.0.0 to just before 2.0.0 and has been fixed in the latest release. Users are advised to implement specific workarounds until they upgrade.
RestrictedPython allows you to run a limited subset of Python code in a controlled environment. It helps execute untrusted code safely but is not a full sandbox. The tool only works with CPython, not with other Python implementations.
SpiderFoot is an open-source OSINT automation tool that offers a comprehensive suite of over 200 modules for data analysis, allowing users to gather and navigate information about various entities like IP addresses, domains, and more. It features both a web-based UI and command-line interface, integrates with numerous APIs, and provides visualizations and extensive documentation, making it a powerful resource for both offensive and defensive intelligence operations. Additionally, SpiderFoot HX offers a cloud-based version with enhanced features for collaborative investigations and monitoring.
Malicious packages on the Python Package Index (PyPI) have been identified that deliver the SilentSync remote access Trojan (RAT) to unsuspecting users. These packages exploit the trust developers place in PyPI for downloading dependencies, highlighting the need for vigilance and security measures in the Python ecosystem.
Eric J. Ma explores a technique in Python that allows for dynamically changing a function's source code at runtime using the `compile` and `exec` functions. This method can enhance AI bots like ToolBot by enabling them to generate and execute code with access to the current environment, although it also presents significant security risks.
The article discusses methods for executing Python code dynamically, focusing on the use of the `exec()` function. It highlights potential security risks associated with executing arbitrary code and suggests best practices for mitigating these risks, such as using restricted execution environments. Additionally, the article provides examples of scenarios where code execution might be necessary, like in educational tools or interactive applications.
A Python proof-of-concept script allows users to dump sensitive files such as SAM, SYSTEM, and NTDS.dit from a physical disk without triggering security alerts by bypassing standard Windows file APIs. It operates by directly reading NTFS filesystem structures, obfuscating the output with XOR encryption to avoid detection by EDR/AV systems. This tool is intended for educational purposes only and should be used in a controlled test environment.
Chainguard has announced the launch of Chainguard Libraries, a new initiative aimed at providing malware-resistant dependencies for Python projects. These libraries are constructed securely from source, enhancing the overall security posture of Python applications by reducing vulnerabilities associated with third-party dependencies.
A Python library named YARA-AST enables users to parse and manipulate YARA rules using Abstract Syntax Trees, boasting a 100% parsing success rate across over 273,000 tested rules. It supports various syntaxes including YARA-L and YARA-X, and offers advanced features like hex wildcards, regex modifiers, and compatibility with VirusTotal modules. The library facilitates syntax validation, formatting, and performance optimization, making it highly versatile for threat detection and analysis.
As cloud services like AWS make AI and machine learning more accessible, the use of Python's pickle module for serialization presents security risks, particularly when deserializing data from untrusted sources. The article emphasizes best practices for secure pickling, including using alternative serialization formats, implementing integrity checks, and utilizing static code analysis tools to detect unsafe patterns in code.
Twyn is a security tool designed to protect against typosquatting attacks by comparing package names in your dependencies against a list of popular packages. It offers various scanning options, supports multiple dependency file formats, and allows users to customize configurations, including an allowlist for legitimate packages that may trigger false positives. Twyn can be installed via PyPI and used through the command line or as a library in projects.
KubeForenSys is a Python tool designed to collect data from Kubernetes clusters, particularly Azure Kubernetes Service, and send it to Azure Log Analytics for post-compromise analysis. It gathers various data types such as pod logs, Kubernetes events, command histories, and suspicious pod detections, while also automating the provisioning of necessary Azure resources. Users can customize the data collection parameters and ensure proper access and configurations for effective operation.
ATEAM is a Python tool designed for reconnaissance of Azure services, enabling security researchers and Azure administrators to discover resources and tenant ownership information. It supports multi-threaded scanning, DNS validation, and exports results in various formats while utilizing an SQLite database for persistent storage of findings.
Pyarmor is a command-line tool for obfuscating Python scripts, enabling features like binding scripts to specific machines and setting expiration dates. It offers various obfuscation methods, including function conversion to C for enhanced security, and supports multiple platforms such as Windows, Linux, and macOS. Users can install it via pip and find additional resources in its documentation and support systems.
Pipask is a secure alternative to pip for installing Python packages, performing essential security checks before allowing installations. It retrieves metadata from PyPI to minimize risks and requests user consent for executing any third-party code, ensuring a safer package management experience. Users can install it via pipx or pip and replace pip with pipask for convenience.
The article discusses the discovery of backdoors in various Python npm packages, highlighting the security risks posed to both Windows and Linux systems. It emphasizes the need for developers and users to be vigilant when using third-party packages, as malicious code can lead to significant vulnerabilities.
Template strings, or t-strings, have been introduced in Python 3.14 to enhance string processing by providing a safer and more flexible alternative to f-strings. They allow developers to differentiate between static and dynamic parts of strings, reducing security vulnerabilities like SQL injection and enabling advanced string manipulation. The article discusses the syntax and functionality of t-strings, along with potential real-world applications and future developments in Python's string processing capabilities.
AWS is preparing for potential quantum computing threats by implementing post-quantum Transport Layer Security (PQ TLS) using ML-KEM. The article provides a guide on testing PQ TLS in Python applications through a container setup that includes OpenSSL 3.5, enabling users to establish secure connections and validate their network configurations. It encourages developers to vet their applications to ensure readiness for future PQ TLS migrations.