GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP, simultaneously compromised Microsoft's durabletask Python ...
Microsoft

New Clickfix variant ‘CrashFix’ deploying Python Remote Access Trojan

In January 2026, Microsoft Defender Experts identified a new evolution in the ongoing ClickFix campaign. This updated tactic deliberately crashes victims’ browsers and then attempts to lure users into ...
archive

Automate the boring stuff with Python : practical programming for total beginners

remove-circle Internet Archive's in-browser bookreader "theater" requires JavaScript to be enabled. It appears your browser does not have it turned on. Please see ...
theregister

Popular Python libraries used in Hugging Face models subject to poisoned metadata attack

Vulnerabilities in popular AI and ML Python libraries used in Hugging Face models with tens of millions of downloads allow remote attackers to hide malicious code in metadata. The code then executes ...
InfoWorld

The best new features and fixes in Python 3.14

Official support for free-threaded Python, and free-threaded improvements Python’s free-threaded build promises true parallelism for threads in Python programs by removing the Global Interpreter Lock ...
The Hacker News

TAG-150 Develops CastleRAT in Python and C, Expanding CastleLoader Malware Operations

The threat actor behind the malware-as-a-service (MaaS) framework and loader called CastleLoader has also developed a remote access trojan known as CastleRAT. "Available in both Python and C variants, ...
Analytics Insight

10 Must-Know Python Libraries for 2025

The right Python libraries can dramatically improve speed, efficiency, and maintainability in 2025 projects. Mastering a mix of data, AI, and web-focused libraries ensures adaptability across multiple ...
GitHub

diffpy.srreal

Calculators for PDF, bond valence sum, and other quantities based on atom pair interaction. The diffpy.srreal package provides calculators for atomic pair distribution function (PDF), bond valence ...
Frontiers

osl-ephys: a Python toolbox for the analysis of electrophysiology data

We describe OHBA Software Library for the analysis of electrophysiology data (osl-ephys). This toolbox builds on top of the widely used MNE-Python package and provides unique analysis tools for ...
CSOonline

Attackers hide malicious code in Hugging Face AI model Pickle files

The popular Python Pickle serialization format, which is common for distributing AI models, offers ways for attackers to inject malicious code that will be executed on computers when loading models ...
CSOonline

Python administrator moves to improve software security

The administrators of the Python Package Index (PyPI) have begun an effort to improve the hundreds of thousands of software packages that are listed. The attempt, which began earlier last year, is to ...