Two fake spellchecker packages on PyPI hid a Python RAT in dictionary files, activating malware on import in version 1.2.0.

Veracode, the global leader in application risk management, today announced significant platform innovations introduced through the second half of 2025. Headlining the release is Package Firewall, an ...

According to the firm’s latest supply chain security report, there was a 73% increase in detections of malicious open-source packages in 2025. The past year also saw a huge jump in the scope of ...

通过这次大规模调查，研究团队揭示了一个令人震惊的现实：超过四分之一（26.1%）的技能包存在至少一种安全漏洞。更具体地说，他们发现了14种不同的漏洞模式，可以归纳为四大类威胁：恶意指令注入、数据窃取、权限提升和供应链攻击。