Python Archives • Page 3 of 5 • Daily CyberSecurity

Critical Python Tarfile Flaw (CVE-2025-4517, CVSS 9.4): Arbitrary File Write, PoC Available Python Tarfile, Path Traversal

Critical Python Tarfile Flaw (CVE-2025-4517, CVSS 9.4): Arbitrary File Write, PoC Available

Do Son June 23, 2025

A newly disclosed vulnerability in Python’s tarfile module—CVE-2025-4517—has exposed a critical security risk that allows attackers to...

Banana Squad Strikes Again: 60+ GitHub Repositories Trojanized in New Software Supply Chain Attack

Do Son June 20, 2025

A newly uncovered software supply chain campaign by the threat group Banana Squad has compromised more than...

Python Protobuf Flaw Allows DoS Via Nested Messages Python Protobuf, DoS Vulnerability

Python Protobuf Flaw Allows DoS Via Nested Messages

Do Son June 18, 2025

A high-severity vulnerability has been uncovered in the pure-Python backend of Google’s Protocol Buffers (protobuf), potentially allowing...

CRITICAL (CVSS 9.4) Python ‘tarfile’ Vulnerability: Arbitrary Filesystem Writes Possible! CPython Vulnerabilities, Python Tarfile CVE-2025-4517

CRITICAL (CVSS 9.4) Python ‘tarfile’ Vulnerability: Arbitrary Filesystem Writes Possible!

Do Son June 5, 2025

The CPython project has issued a security advisory addressing five vulnerabilities—including one CRITICAL and three HIGH-severity flaws—affecting...

PyPI Supply Chain Attack Steals Solana Private Keys via Covert Monkey-Patching PyPI Supply Chain, Solana Theft

PyPI Supply Chain Attack Steals Solana Private Keys via Covert Monkey-Patching

Do Son June 2, 2025

Socket’s Threat Research Team has uncovered a sophisticated supply chain attack on the Python Package Index (PyPI)...

Langroid Flaws (CVSS 9.8) Expose LLM Apps to RCE Langroid vulnerability, LLM agent exploit

Langroid Flaws (CVSS 9.8) Expose LLM Apps to RCE

Do Son May 22, 2025

Researchers have disclosed two critical vulnerabilities in Langroid, a popular Python framework designed for building large language...

setuptools Flaw Exposes Millions of Python Users to RCE setuptools vulnerability, Python RCE

setuptools Flaw Exposes Millions of Python Users to RCE

Do Son May 21, 2025

The Python Packaging Authority (PyPA) has patched a serious path traversal vulnerability in the widely-used setuptools project....

High DoS Risk: Tornado’s Default Parser Exposes Apps (CVE-2025-47287) Tornado DoS CVE-2025-47287

High DoS Risk: Tornado’s Default Parser Exposes Apps (CVE-2025-47287)

Do Son May 19, 2025

A newly disclosed vulnerability in the Tornado Python web framework, tracked as CVE-2025-47287, exposes applications to a...

High-Risk Flaw in Python Web Framework Reflex Could Lead to Account Takeover Reflex security Python framework vulnerability

High-Risk Flaw in Python Web Framework Reflex Could Lead to Account Takeover

Do Son May 19, 2025

A serious security flaw has been identified in the Reflex open-source framework, a tool used to build...

Malicious Python Packages Exploited Gmail as Covert Command-and-Control Channels Python malware, Gmail C2

Malicious Python Packages Exploited Gmail as Covert Command-and-Control Channels

Do Son May 2, 2025

In a detailed technical report, Socket’s Threat Research Team uncovered seven malicious Python packages published to the...

Discord Used as C2 for Stealthy Python-Based RAT Discord RAT, Python malware

Discord Used as C2 for Stealthy Python-Based RAT

Do Son April 29, 2025

In a detailed report by Cyfirma, researchers have uncovered a Python-based Remote Access Trojan (RAT) that leverages...

SocGholish and RansomHub: Sophisticated Attack Campaign Targeting Corporate Networks SocGholish, RansomHub

SocGholish and RansomHub: Sophisticated Attack Campaign Targeting Corporate Networks

Do Son April 28, 2025

The eSentire’s Threat Response Unit (TRU) discovered a sophisticated cyberattack campaign linking SocGholish (also known as FakeUpdates)...

CVE-2025-43859: Request Smuggling Vulnerability in Python’s h11 HTTP Library Request Smuggling h11 vulnerability

CVE-2025-43859: Request Smuggling Vulnerability in Python’s h11 HTTP Library

Do Son April 27, 2025

A critical vulnerability tracked as CVE-2025-43859 has been disclosed in h11, a minimalist, I/O-agnostic HTTP/1.1 protocol library...

PyPI Swiftly Patches Privilege Escalation Flaw in Organizations Feature Project Quarantine PyPI Security Privilege Escalation

PyPI Swiftly Patches Privilege Escalation Flaw in Organizations Feature

Do Son April 15, 2025

On April 14, 2025, the Python Package Index (PyPI) team swiftly addressed a security concern involving persisting...

AkiraBot: AI-Powered Spam Bot Floods Websites with Personalized Messages AkiraBot AI Spam

AkiraBot: AI-Powered Spam Bot Floods Websites with Personalized Messages

Do Son April 12, 2025

Spammers are constantly adapting their tactics to exploit new digital communication channels. A recent report by SentinelLABS...

Critical Remote Code Execution Vulnerability in vLLM via Mooncake Integration vLLM Vulnerability CVE-2026-22778 vLLM Memory Corruption, AI Inference RCE CVE-2025-29783 CVE-2025-32444 vLLM vulnerability vLLM, Remote Code Execution

vLLM Vulnerability CVE-2026-22778 vLLM Memory Corruption, AI Inference RCE CVE-2025-29783 CVE-2025-32444 vLLM vulnerability vLLM, Remote Code Execution

Critical Remote Code Execution Vulnerability in vLLM via Mooncake Integration

Do Son March 24, 2025

vLLM, a popular library for Large Language Model (LLM) inference and serving, has recently addressed a critical...

Popular Python Logging Library Vulnerable to Remote Code Execution (CVE-2025-27607)

Do Son March 9, 2025

A critical vulnerability has been discovered in ‘python-json-logger’, a popular Python library used for generating JSON logs....

Massive Cyber Campaign Exploits 4,000 ISP IPs in the U.S. and China for Credential Theft and Cryptojacking ISP Infostealer Campaign

Massive Cyber Campaign Exploits 4,000 ISP IPs in the U.S. and China for Credential Theft and Cryptojacking

Do Son March 6, 2025

A new cybersecurity report from The Splunk Threat Research Team has uncovered a widespread infostealer and cryptomining...

GitVenom Campaign: Malicious GitHub Repositories Target Crypto and Credentials

Do Son February 24, 2025

Security researchers at Kaspersky Labs have uncovered a large-scale cybercrime campaign, dubbed GitVenom, that targets GitHub users...

CVE-2025-1077 (CVSSv4 9.5): Critical RCE Vulnerability Found in Visual Weather Products

Do Son February 10, 2025

IBL Software Engineering has issued a security advisory regarding a critical Remote Code Execution (RCE) vulnerability affecting...

Critical Alert 1 Active Exploit Detected Today