Python Archives • Page 3 of 5 • Daily CyberSecurity

CRITICAL (CVSS 9.4) Python ‘tarfile’ Vulnerability: Arbitrary Filesystem Writes Possible! CPython Vulnerabilities, Python Tarfile CVE-2025-4517

CRITICAL (CVSS 9.4) Python ‘tarfile’ Vulnerability: Arbitrary Filesystem Writes Possible!

Do Son June 5, 2025

The CPython project has issued a security advisory addressing five vulnerabilities—including one CRITICAL and three HIGH-severity flaws—affecting...

PyPI Supply Chain Attack Steals Solana Private Keys via Covert Monkey-Patching PyPI Supply Chain, Solana Theft

PyPI Supply Chain Attack Steals Solana Private Keys via Covert Monkey-Patching

Do Son June 2, 2025

Socket’s Threat Research Team has uncovered a sophisticated supply chain attack on the Python Package Index (PyPI)...

Langroid Flaws (CVSS 9.8) Expose LLM Apps to RCE Langroid vulnerability, LLM agent exploit

Langroid Flaws (CVSS 9.8) Expose LLM Apps to RCE

Do Son May 22, 2025

Researchers have disclosed two critical vulnerabilities in Langroid, a popular Python framework designed for building large language...

setuptools Flaw Exposes Millions of Python Users to RCE setuptools vulnerability, Python RCE

setuptools Flaw Exposes Millions of Python Users to RCE

Do Son May 21, 2025

The Python Packaging Authority (PyPA) has patched a serious path traversal vulnerability in the widely-used setuptools project....

High DoS Risk: Tornado’s Default Parser Exposes Apps (CVE-2025-47287) Tornado DoS CVE-2025-47287

High DoS Risk: Tornado’s Default Parser Exposes Apps (CVE-2025-47287)

Do Son May 19, 2025

A newly disclosed vulnerability in the Tornado Python web framework, tracked as CVE-2025-47287, exposes applications to a...

High-Risk Flaw in Python Web Framework Reflex Could Lead to Account Takeover Reflex security Python framework vulnerability

High-Risk Flaw in Python Web Framework Reflex Could Lead to Account Takeover

Do Son May 19, 2025

A serious security flaw has been identified in the Reflex open-source framework, a tool used to build...

Malicious Python Packages Exploited Gmail as Covert Command-and-Control Channels Python malware, Gmail C2

Malicious Python Packages Exploited Gmail as Covert Command-and-Control Channels

Do Son May 2, 2025

In a detailed technical report, Socket’s Threat Research Team uncovered seven malicious Python packages published to the...

Discord Used as C2 for Stealthy Python-Based RAT Discord RAT, Python malware

Discord Used as C2 for Stealthy Python-Based RAT

Do Son April 29, 2025

In a detailed report by Cyfirma, researchers have uncovered a Python-based Remote Access Trojan (RAT) that leverages...

SocGholish and RansomHub: Sophisticated Attack Campaign Targeting Corporate Networks SocGholish, RansomHub

SocGholish and RansomHub: Sophisticated Attack Campaign Targeting Corporate Networks

Do Son April 28, 2025

The eSentire’s Threat Response Unit (TRU) discovered a sophisticated cyberattack campaign linking SocGholish (also known as FakeUpdates)...

CVE-2025-43859: Request Smuggling Vulnerability in Python’s h11 HTTP Library Request Smuggling h11 vulnerability

CVE-2025-43859: Request Smuggling Vulnerability in Python’s h11 HTTP Library

Do Son April 27, 2025

A critical vulnerability tracked as CVE-2025-43859 has been disclosed in h11, a minimalist, I/O-agnostic HTTP/1.1 protocol library...

PyPI Swiftly Patches Privilege Escalation Flaw in Organizations Feature Project Quarantine PyPI Security Privilege Escalation

PyPI Swiftly Patches Privilege Escalation Flaw in Organizations Feature

Do Son April 15, 2025

On April 14, 2025, the Python Package Index (PyPI) team swiftly addressed a security concern involving persisting...

AkiraBot: AI-Powered Spam Bot Floods Websites with Personalized Messages AkiraBot AI Spam

AkiraBot: AI-Powered Spam Bot Floods Websites with Personalized Messages

Do Son April 12, 2025

Spammers are constantly adapting their tactics to exploit new digital communication channels. A recent report by SentinelLABS...

Critical Remote Code Execution Vulnerability in vLLM via Mooncake Integration vLLM Vulnerability CVE-2026-22778 vLLM Memory Corruption, AI Inference RCE CVE-2025-29783 CVE-2025-32444 vLLM vulnerability vLLM, Remote Code Execution

vLLM Vulnerability CVE-2026-22778 vLLM Memory Corruption, AI Inference RCE CVE-2025-29783 CVE-2025-32444 vLLM vulnerability vLLM, Remote Code Execution

Critical Remote Code Execution Vulnerability in vLLM via Mooncake Integration

Do Son March 24, 2025

vLLM, a popular library for Large Language Model (LLM) inference and serving, has recently addressed a critical...

Popular Python Logging Library Vulnerable to Remote Code Execution (CVE-2025-27607)

Do Son March 9, 2025

A critical vulnerability has been discovered in ‘python-json-logger’, a popular Python library used for generating JSON logs....

Massive Cyber Campaign Exploits 4,000 ISP IPs in the U.S. and China for Credential Theft and Cryptojacking ISP Infostealer Campaign

Massive Cyber Campaign Exploits 4,000 ISP IPs in the U.S. and China for Credential Theft and Cryptojacking

Do Son March 6, 2025

A new cybersecurity report from The Splunk Threat Research Team has uncovered a widespread infostealer and cryptomining...

GitVenom Campaign: Malicious GitHub Repositories Target Crypto and Credentials

Do Son February 24, 2025

Security researchers at Kaspersky Labs have uncovered a large-scale cybercrime campaign, dubbed GitVenom, that targets GitHub users...

CVE-2025-1077 (CVSSv4 9.5): Critical RCE Vulnerability Found in Visual Weather Products

Do Son February 10, 2025

IBL Software Engineering has issued a security advisory regarding a critical Remote Code Execution (RCE) vulnerability affecting...

AsyncRAT Rises Again: Malware Abuses Legitimate Services for Stealthy Delivery AsyncRAT Delivery

AsyncRAT Rises Again: Malware Abuses Legitimate Services for Stealthy Delivery

Do Son February 7, 2025

Forcepoint X-Labs exposes a new campaign utilizing Python, TryCloudflare, and Dropbox to spread the notorious AsyncRAT. The...

RedCurl APT Group: Cyber Espionage with Living-Off-the-Land Techniques WhatsApp Worm, Brazilian Banking Trojan LAPSUS$ Alliance, Scattered Spider Ransomware, Cybercrime RedCurl APT group Russian Cyberespionage, ApolloShadow Malware

WhatsApp Worm, Brazilian Banking Trojan LAPSUS$ Alliance, Scattered Spider Ransomware, Cybercrime RedCurl APT group Russian Cyberespionage, ApolloShadow Malware

RedCurl APT Group: Cyber Espionage with Living-Off-the-Land Techniques

Do Son January 12, 2025

The RedCurl Advanced Persistent Threat (APT) group, also known as Earth Kapre or Red Wolf, has resurfaced...

Project Quarantine: PyPI’s New Line of Defense Against Malware Project Quarantine PyPI Security Privilege Escalation

Project Quarantine: PyPI’s New Line of Defense Against Malware

Do Son January 2, 2025

In a significant stride toward enhancing security in the Python ecosystem, the Python Package Index (PyPI) has...

Critical Alert 3 Active Exploits Detected Today

Critical Alert

Python

CRITICAL (CVSS 9.4) Python ‘tarfile’ Vulnerability: Arbitrary Filesystem Writes Possible!

PyPI Supply Chain Attack Steals Solana Private Keys via Covert Monkey-Patching

Langroid Flaws (CVSS 9.8) Expose LLM Apps to RCE

setuptools Flaw Exposes Millions of Python Users to RCE

High DoS Risk: Tornado’s Default Parser Exposes Apps (CVE-2025-47287)

High-Risk Flaw in Python Web Framework Reflex Could Lead to Account Takeover

Malicious Python Packages Exploited Gmail as Covert Command-and-Control Channels

Discord Used as C2 for Stealthy Python-Based RAT

SocGholish and RansomHub: Sophisticated Attack Campaign Targeting Corporate Networks

CVE-2025-43859: Request Smuggling Vulnerability in Python’s h11 HTTP Library

PyPI Swiftly Patches Privilege Escalation Flaw in Organizations Feature

AkiraBot: AI-Powered Spam Bot Floods Websites with Personalized Messages

Critical Remote Code Execution Vulnerability in vLLM via Mooncake Integration

Popular Python Logging Library Vulnerable to Remote Code Execution (CVE-2025-27607)

Massive Cyber Campaign Exploits 4,000 ISP IPs in the U.S. and China for Credential Theft and Cryptojacking

GitVenom Campaign: Malicious GitHub Repositories Target Crypto and Credentials

CVE-2025-1077 (CVSSv4 9.5): Critical RCE Vulnerability Found in Visual Weather Products

AsyncRAT Rises Again: Malware Abuses Legitimate Services for Stealthy Delivery

RedCurl APT Group: Cyber Espionage with Living-Off-the-Land Techniques

Project Quarantine: PyPI’s New Line of Defense Against Malware