أداة طرفية واحدة تجمع مهام متعددة في بايثون. توفر void tools قدرات OSINT، أدوات للشبكات، ولوحة TUI مبنية بـ Rich، مع التأكيد أن الاستخدام تعليمي فقط. One Python terminal tool for security learning. void tools combines OSINT workflows, network utilities, and a Rich powered TUI dashboard. Built for educational use only. github.com/v0id4real/Void-To… #OSINT #PythonSecurity #NetworkUtilities

تنبيه مهم لمطوري بايثون هجوم Hades على PyPI كشف تسميم 19 حزمة لتشغيل سارق بيانات اعتماد مبني على Bun تلقائياً. الدرس واضح: التحقق من الحزم قبل التثبيت أصبح ضرورة أمنية. Supply chain risk is accelerating. The Hades PyPI attack poisoned 19 packages to auto execute a Bun based credential stealer. Dependency checks, package reputation, and install scripts deserve closer review. thehackernews.com/2026/06/ha… #PyPI #PythonSecurity #SoftwareSupplyChain

asking your ai for a fastapi backend? check the requirements.txt before you pip install. the model loves inventing deps like fastapi-mongodb-helper that sound real and don’t exist, until an attacker registers the name and packs it with malware. that’s slopsquatting. verify every dependency against a live registry first. #slopsquatting #supplychain #pythonsecurity

Researchers just exposed DEEP#DOOR, a Python backdoor that steals browser & cloud credentials via tunneling, what's the most effective way to block such batch scripts from disabling Windows security controls? #cybersecurity #infosec #pythonsecurity

Unauthenticated RCE in marimo (CVE-2026-39987) exploited in the wild in record time. Attackers gained root access in under 10 hours. Patch to v0.23.0 now! #marimo #PythonSecurity #RCE #InfoSec #CVE202639987 #ZeroDay securityonline.info/marimo-t…

We May Have Finally Fixed Python’s 25-Year-Old Vulnerability #PythonSecurity #PickleModule #ContextTainting #Deserialization #VulnerabilityFix iyehuda.substack.com/p/we-ma…

Python isn’t just for devs. It powers network scanning, web security, forensics & automation. Free PDF: Mastering Python for Networking & Security Access here: linkedin.com/feed/update/urn… #PythonSecurity #CyberSec #EthicalHacking #InfosecCommunity #devops #networking #security

Bandit: Open-source tool designed to find security issues in Python code - helpnetsecurity.com/2026/01/… - @eric_wade_brown #CyberSecurity #AppSec #PythonSecurity #DevSecOps #SecureCoding

Tracking malicious code execution in Python #PythonSecurity #MaliciousCode #CodeObfuscation #StaticAnalysis #SupplyChainAttacks rushter.com/blog/python-code…

ShadowMQ: How Code Reuse Spread Critical Vulnerabilities Across the AI Ecosystem - oligo.security/blog/shadowmq… by @avi_lum at @OligoSecurity Over the past year, Oligo Security’s research team disclosed a series of critical Remote Code Execution (RCE) vulnerabilities lurking inside some of the most widely used AI inference servers, including frameworks from Meta, NVIDIA, Microsoft, and PyTorch projects like vLLM and SGLang. These vulnerabilities all traced back to the same root cause: the overlooked unsafe use of ZeroMQ (ZMQ) and Python’s pickle deserialization. But what surprised us the most wasn’t the bug itself. It was how it spread. As we dug deeper, we found that code files were copied between projects (sometimes line-for-line) carrying dangerous patterns from one repository to the next. We call this pattern ShadowMQ: a hidden communication-layer flaw propagated through code reuse in the modern AI stack. #ShadowMQ #AISecurity #LLMSecurity #InferenceSecurity #RuntimeSecurity #ZeroMQ #PickleDeserialization #RCERisk #SupplyChainSecurity #OpenSourceSecurity #CodeReuse #ShadowVulnerabilities #CloudSecurity #GPUClusters #ModelSecurity #PythonSecurity #AppSec #ThreatResearch #AIEcosystem #DevSecOps #OligoSecurity

⚠️ Malicious PyPI Package “soopsocks” Infected Over 2,600 Systems thehackernews.com/2025/10/al… A PyPI package posing as a SOCKS5 utility deployed a backdoor on Windows systems, executed PowerShell scripts, escalated privileges, and exfiltrated data to a hard-coded Discord webhook. The attackers leveraged automatic installation, firewall manipulation, and persistence techniques to stay hidden. #CyberSecurity #ThreatHunting #PythonSecurity

A Systematic Evaluation of Parameter-Efficient Fine-Tuning Methods for the Security of Code LLMs - arxiv.org/pdf/2509.12649v1 🎯 Goal: Make code models generate more secure Python without breaking functionality. 🛠️ Train: Curate a clean Python set from Py150k (secure-only), then fine-tune with PEFT (small adapters; base frozen). 🔒 Evaluate: Pick 81 prompts from LLMSecEval covering 13 Python CWEs, filtered to be CodeQL-checkable. Generate at 6 temperatures; compute Compilation-Rate, Secure-Rate, Overall-Secure-Rate (OSR). 📈 Results: Baseline CodeGen2-16B OSR 67.28% → with prompt-tuning OSR 80.86%. Best temperature pushes secure rate to 87.65%. ✅ Functionality: HumanEval pass@k remains comparable (standard temps: 0.2/0.6/1.0). 🧪 Poisoning test (TrojanPuzzle): Prompt/prefix cut triggered vulns 19/36 → 7/36. 🧭 Takeaway: Curate secure data prompt/prefix PEFT T≈0.8–1.0 = higher security without sacrificing basics. Authors: : @doo2won1, @hyoungshick, Kiho Lee, Jungkon Kim - @ETRINewsmaker, @SamsungResearch, @Samsung_RA, @Samsung_RA, @UTKnoxville, @SKKU_1398 #AISecurity #LLMSecurity #SecureCoding #AppSec #CodeQL #CWE #PEFT #LoRA #PromptTuning #PrefixTuning #CodeGen #CodeLlama #HumanEval #LLMSecEval #TrojanPuzzle #StaticAnalysis #DevSecOps #PythonSecurity #ModelSafety #AIResearch

An Empirical Study of Vulnerabilities in Python Packages and Their Detection - arxiv.org/pdf/2509.04260v1 In this study, we present PyVul, the first large-scale, highquality vulnerability benchmark suite for Python packages. Current vulnerability benchmarks for Python, composed of vulnerabilities at either the commit or function level, either do not derive from or are difficult to associate with Python packages. For instance, #CVEFixes and #CrossVul are collected based on projects from security platforms such as National Vulnerability Database (NVD)and do not effectively map to Python packages. In addition, datasets such as #VUDENC and #SVEN focus on Python code changes, consequently overlooking cross-language vulnerabilities. This motivates us to collect the first benchmark of real-world vulnerabilities in Python packages. Authors: Haowei Quan, Junjie Wang, Xinzhe Li, @terryyuezhuo, Xiao Chen, @xiaoning_du at @MonashEducation @TianjinUniv1895 @Uni_Newcastle @MonashInfotech #PythonSecurity #PyPI #SoftwareSupplyChain #VulnerabilityDetection #CWE #StaticAnalysis #SAST #DevSecOps #OpenSourceSecurity #CodeSecurity #CybersecurityResearch #Benchmark #Dataset #MLSecOps #LLMOpsSourcesIs

Fake PyPI site targets Python devs, delivering malware via malicious packages in phishing campaign—comprises dev workflows and credentials. 🚨 Verify sources, monitor build environments. Full breakdown here: dailysecurityreview.com/secu… #PythonSecurity #Phishing #SupplyChain

A study reveals Python's ecosystem is a "labyrinth of dependencies" that propagates vulnerabilities. Over 145,000 packages are at risk, with urllib3 accounting for 41% of all exposures. #PyPI #PythonSecurity #SupplyChainAttack #Vulnerability #OpenSource securityonline.info/pypitfal…

A vulnerability (CVE-2025-8194, CVSS 7.5) in Python's tarfile module allows attackers to cause infinite loops and DoS by processing maliciously crafted archives. Patch immediately! #PythonSecurity #TarfileVulnerability #DoSAttack #CVE #CybersecurityAlert securityonline.info/python-t…

🔐 Master Python with a Security Edge! Join the Codevirus Security for Python Course and level up your coding skills with real-world cybersecurity techniques. 🐍💻🔥 #Codevirus #PythonSecurity #CyberSecureDev #LearnToCode #PythonCourse

Vulnerability Detection Model using LLM and Code Chunk - arxiv.org/pdf/2506.19453 Software supply chain vulnerabilities arise when attackers exploit weaknesses by injecting vulnerable code into widely used packages or libraries within software repositories. While most existing approaches focus on identifying vulnerable packages or libraries, they often overlook the specific functions responsible for these vulnerabilities. Pinpointing vulnerable functions within packages or libraries is critical, as it can significantly reduce the risks associated with using open-source software. Identifying vulnerable patches is challenging because developers often submit code changes that are unrelated to vulnerability fixes. To address this issue, this paper introduces FuncVul, an innovative code chunk-based model for function-level vulnerability detection in C/C and Python, designed to identify multiple vulnerabilities within a function by focusing on smaller, critical code segments. To assess the model’s effectiveness, we construct six code and generic code chunk based datasets using two approaches: (1) integrating patch information with large language models to label vulnerable samples and (2) leveraging large language models alone to detect vulnerabilities in function-level code. To design FuncVul vulnerability model, we utilise GraphCodeBERT fine tune model that captures both the syntactic and semantic aspects of code. Experimental results show that FuncVul outperforms existing state-of-the-art models, achieving an average accuracy of 87-92% and an F1 score of 86-92% across all datasets. Furthermore, we have demonstrated that our codechunk-based FuncVul model improves 53.9% accuracy and 42.0% F1-score than the full function-based vulnerability prediction. #FuncVul #LLMSecurity #CodeChunks #VulnerabilityDetection #SoftwareSupplyChain #OpenSourceSecurity #GraphCodeBERT #FunctionLevelAnalysis #PatchDetection #CodeSecurity #AI4Code #CVEAnalysis #SecureCoding #AIinSecurity #CodeVulnerabilities #LLMDetection #PythonSecurity #CppSecurity #SemanticCodeAnalysis #AISoftwareSecurity

A critical flaw (CVE-2025-4517, CVSS 9.4) in Python's tarfile module allows arbitrary file reads/writes outside the extraction directory. PoC is public; update immediately! #PythonSecurity #TarfileVulnerability #PathTraversal #Cybersecurity securityonline.info/critical…

A high-severity flaw in Google's pure-Python Protobuf backend allows unauthenticated attackers to crash applications via crafted nested messages. Update now! #PythonSecurity #Protobuf #DoSAttack #Cybersecurity #Vulnerability securityonline.info/python-p…