InfoWorld

Unplugged holes in the npm and yarn package managers could let attackers bypass defenses against Shai-Hulud

A researcher at Koi Security says the two key platforms have not plugged the vulnerabilities enabling the worm attacks, and ...
The Hacker News

Legacy Python Bootstrap Scripts Create Domain-Takeover Risk in Multiple PyPI Packages

Cybersecurity researchers have discovered vulnerable code in legacy Python packages that could potentially pave the way for a supply chain compromise on the Python Package Index (PyPI) via a domain ...
C&EN

FibrilGen: A Python Package for Atomistic Modeling of Peptide β-Sheet Nanostructures

Department of Materials, Manchester Institute of Biotechnology, School of Natural Sciences, Faculty of Science and Engineering, The University of Manchester, Oxford Road, Manchester M13 9PL, United ...
Infosecurity-magazine.com

Open Source Community Thwarts Massive npm Supply Chain Attack

A potential npm supply chain disaster was averted in record time after attackers took over a verified developer’s credentials. On September 8, Josh Junon, a developer with over 1800 GitHub ...
C&EN

DynamiSpectra: A Python Software Package and Web Platform for Molecular Dynamics Data Analysis in Computational Biology

Keizo Asami Institute, iLIKA, Federal University of Pernambuco, Recife, Pernambuco 50670-901, Brazil Graduate Program in Biology Applied to Health, PPGBAS, Federal University of Pernambuco, Recife, ...
Bleeping Computer

Hackers target Python devs in phishing attacks using fake PyPI site

The Python Software Foundation warned users this week that threat actors are trying to steal their credentials in phishing attacks using a fake Python Package Index (PyPI) website. PyPI is a ...
Geeky Gadgets

MicroPython Package Installer for Arduino : Simplifying Library Management

Managing libraries for Arduino boards has traditionally been a time-consuming and error-prone process. Developers often had to manually search for, download, and configure libraries, which could be ...
InfoWorld

Software bill-of-materials docs eyed for Python packages

Python enhancement proposal would incorporate SBOM documents in Python packages as a way to improve dependency tracking and vulnerability analysis. Software bill-of-materials (SBOM) documents would be ...
Infosecurity-magazine.com

New Attacks Exploit VSCode Extensions and npm Packages

A recent investigation by security researchers has revealed a troubling surge in malicious campaigns exploiting popular development tools, including VSCode extensions and npm packages. These campaigns ...