#pythonsecurity — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #pythonsecurity, aggregated by home.social.
-
LiteLLM supply chain attack: 97M monthly downloads, one malicious update, every secret stolen. The library helps AI apps connect to different models, so when hackers poisoned it, the damage spread to countless dependent projects. This is why we isolate our Python environments. #AISupplyChain #CyberSecurity #PythonSecurity #DevSec #AITools
-
Thanks to @eelcoa I learned today that the Python Software Foundation (@ThePSF) rejected a $1.5 Million USD fund, because they demonstrated integrity by not bowing down to #Trump and instead stand by their mission statement "(...) to support and facilitate the growth of a diverse and international community (...)", something that the US Government is blackmailing companies and organisations around the world(!) to stop doing!
This is worth supporting, and with approximately over 8 Million estimated Python programmers around the globe[1], that $1.5 Million USD could be reached by all of us with ease by giving back.
Support them here: https://psfmember.org/civicrm/contribute/transact/?reset=1&id=2
Read the full statement here: https://pyfound.blogspot.com/2025/10/NSF-funding-statement.html?m=1
Donate, spread the message, follow them on Mastodon, and be part of showing big tech companies how it is done right!
Original toot by eelcoa (in Dutch): https://mastodon.nl/@eelcoa/115456773063510298
--
[1] Number of Python programmers taken from here, which is also worth a read: https://leftronic.com/blog/python-statistics
#python #psf #thepsf #supportpsf #funding #pythonsecurity #pipy #pipysecurity #dei #NoTrump
-
So it goes. Part I
🧩 Been poking at eval() and exec() in Python — they're deceptively powerful. One stray input and you're one __import__ away from a shell.
Remote Code Execution (RCE) isn’t just old news — it’s still real, still nasty in the wrong hands.
🌲 Python’s ASTs let you trace what a script really does without running it — but just one layer of obfuscation, and they fall apart.
Small tools, deep cuts. Keep digging.
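An added example of the AST approach the post above describes, written here as a defender's review aid; it is not code from the post's author. It parses a script without executing it and reports direct calls to eval, exec, __import__ and compile (compile is an assumption added here), plus bare references such as `f = eval` that would otherwise hide the later call site. The sample scripts are constructed. Names assembled from strings at runtime are exactly the obfuscation the post says defeats this kind of scan, and this scanner does not see them either.

```python
import ast
from dataclasses import dataclass
from typing import List, Optional

# Builtins whose use a reviewer wants surfaced. eval, exec and __import__ are
# the ones the post names; compile is an assumption added for this example.
DANGEROUS_NAMES = {"eval", "exec", "__import__", "compile"}


@dataclass(frozen=True)
class Finding:
    line: int
    name: str
    kind: str          # "call" when invoked directly, "reference" when aliased or passed around
    literal_arg: bool  # True when the call's first argument is a string literal (lower risk)


def _called_name(node: ast.Call) -> Optional[str]:
    """Return the simple name a call resolves to: eval(...) or builtins.eval(...)."""
    if isinstance(node.func, ast.Name):
        return node.func.id
    if isinstance(node.func, ast.Attribute):
        return node.func.attr
    return None


def scan_source(src: str) -> List[Finding]:
    """Statically list every direct call to, or bare reference of, a dangerous builtin.

    Direct calls are reported together with whether their argument is a literal.
    Bare references (f = eval) are reported too, because the later f(...) call
    site no longer carries the name. Names built from strings at runtime are out
    of reach of this scanner, which is the limitation the post describes.
    """
    tree = ast.parse(src)
    # Name nodes that are the callee of a Call are counted once, as the call.
    callee_ids = {id(n.func) for n in ast.walk(tree) if isinstance(n, ast.Call)}
    findings: List[Finding] = []
    for node in ast.walk(tree):
        if isinstance(node, ast.Call):
            name = _called_name(node)
            if name in DANGEROUS_NAMES:
                first = node.args[0] if node.args else None
                literal = isinstance(first, ast.Constant) and isinstance(first.value, str)
                findings.append(Finding(node.lineno, name, "call", literal))
        elif isinstance(node, ast.Name) and isinstance(node.ctx, ast.Load):
            if node.id in DANGEROUS_NAMES and id(node) not in callee_ids:
                findings.append(Finding(node.lineno, node.id, "reference", False))
    return sorted(findings, key=lambda f: f.line)


# Constructed sample scripts (not taken from any real project).
SAMPLE_DIRECT = "import sys\nuser_input = sys.argv[1]\nresult = eval(user_input)\n"
SAMPLE_ALIAS = "f = eval\nprint(f('1 + 1'))\n"
SAMPLE_SAFE = "import ast\nvalue = ast.literal_eval('[1, 2]')\n"

if __name__ == "__main__":
    for label, src in (("direct", SAMPLE_DIRECT), ("alias", SAMPLE_ALIAS), ("safe", SAMPLE_SAFE)):
        print(label, scan_source(src))
```

The literal_arg flag separates `eval("1 + 1")`, which a reviewer can read in place, from `eval(user_input)`, which deserves the attention the post is talking about.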
-
📦 Don't trust user input in your Python app?
Use shlex.quote() before calling shell commands — or better:
✅ Use subprocess.run([...], shell=False)
Avoid shell=True unless you're really sure.
One unsanitized input = full shell access.
#InfoSec #PythonSecurity
-
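An added example illustrating the advice in the post above; it is not the poster's own code. It shows the three forms side by side: the argv list with shell=False, the raw string a shell=True call would receive (returned for comparison only, never executed), and the shlex.quote() form for the cases where a shell really is unavoidable. echo_argument() runs a child interpreter via sys.executable instead of grep so the demonstration works wherever Python does; the hostile-looking input is constructed.

```python
import shlex
import subprocess
import sys
from typing import List


def search_argv(pattern: str, path: str) -> List[str]:
    """Hardened form: an argv list. Each element reaches the child program as one
    literal argument; no shell parses it, so ';', '|' or '$(...)' are just text.
    '--' stops grep from reading a pattern that starts with '-' as an option."""
    return ["grep", "-n", "--", pattern, path]


def search_shell_unquoted(pattern: str, path: str) -> str:
    """The form the post warns against: the string a shell=True call would hand to
    /bin/sh with the input spliced in raw. Returned only for comparison, never run."""
    return f"grep -n -- {pattern} {path}"


def search_shell_quoted(pattern: str, path: str) -> str:
    """When a shell is unavoidable (a pipeline, a remote command string),
    shlex.quote() wraps each argument so POSIX sh sees it as a single word."""
    return "grep -n -- " + " ".join(shlex.quote(arg) for arg in (pattern, path))


def echo_argument(value: str) -> str:
    """Run a child interpreter with shell=False and have it print its first argument.
    Whatever is in value comes back unchanged, which shows the list form never
    interprets metacharacters."""
    proc = subprocess.run(
        [sys.executable, "-c", "import sys; print(sys.argv[1])", value],
        shell=False, capture_output=True, text=True, check=True,
    )
    return proc.stdout.rstrip("\n")


if __name__ == "__main__":
    # Constructed hostile-looking input: a shell would treat ';' as a command separator.
    hostile = "a b; echo INJECTED"
    print(search_argv(hostile, "/tmp/log.txt"))
    print(search_shell_unquoted(hostile, "/tmp/log.txt"))
    print(search_shell_quoted(hostile, "/tmp/log.txt"))
    print(echo_argument(hostile))
```

Comparing the outputs of search_shell_unquoted() and search_shell_quoted() on the same input is the quickest way to see what shlex.quote() buys you, and why the argv list is still the better default: there is nothing to quote when there is no shell.
-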
Hello everyone.
In today's article, we examine one of the popular cyber attacks, the ARP poisoning attack, with code.
I wish everyone a good read.
https://denizhalil.com/2024/11/22/arp-spoofing-attack-and-with-python-project/
#cybersecurity #networksecurity #arpspoofing #pythonhacking #pythonsecurity
-
🔒 Learn how to write secure Python code with our comprehensive step-by-step guide! 🐍
🔑 Key tips:
- Use virtual environments for dependency isolation 🌐
- Limit variable and function scope 🔍
- Modularize code for better security 🧩
- Protect against code injection 🛡️
- Follow the principle of least privilege 🔒
- Implement strong authentication and authorization 🔑
- Practice proper session management ⏰
- Be cautious with eval() and exec() functions ⚠️
Read the full guide here: https://cybersecurefox.com/en/secure-python-code-step-by-step-guide/
Remember, security is an ongoing process. Regularly review and update your code, and stay informed about the latest security recommendations. 📈
Share your favorite Python security tip in the comments below! 💬 #PythonSecurity #SecureCoding #Cybersecurity #ProgrammingTips
https://cybersecurefox.com/en/secure-python-code-step-by-step-guide/
-
Python's urllib3 has fixed a low severity vulnerability in version 2.2.2, which was released yesterday.
This vulnerability has been assigned CVE-2024-37891.
For those not familiar with urllib3, it describes itself as a powerful, user-friendly HTTP client for Python.
It is used by many projects and libraries, including the popular requests library.
https://github.com/urllib3/urllib3/security/advisories/GHSA-34jh-p97f-mpxf
-
@fohrloop Huh. I did a quick experiment which suggests otherwise:
>>> from packaging.version import Version
>>> from packaging.specifiers import SpecifierSet
>>> s1 = SpecifierSet("==2.2.0")
>>> Version("2.2.0.post0") in s1
False
>>> Version("2.2.0.post1") in s1
False
>>> Version("2.2.0") in s1
True(".post0" is the canonical way of writing "-0", and so on)
-
I had #ChatGPT write a #Python script to scan my machines for the infected packages mentioned in this @BleepingComputer article. I've tested it on my work laptop and that is it. Please feel free to test it out and let me know if it works.
https://github.com/ludothegreat/Python-Package-Security-Scanner
#PythonSecurity #MaliciousPackages #DataProtection #PythonScript #InfoSec #cybersecurity #PythonPackages
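An added example of the kind of check the post above describes; it is not the linked scanner and not the poster's code. It inventories the running interpreter's installed distributions with importlib.metadata, normalizes names the way PyPI does (PEP 503) so that spelling variants cannot slip past the comparison, and reports anything a blocklist covers. The blocklist entries here are constructed placeholders; in use they would be the package names and versions named in the advisory being acted on.

```python
import re
from importlib.metadata import distributions
from typing import Dict, List, Optional, Set, Tuple


def normalize(name: str) -> str:
    """PEP 503 name normalization: case-fold and collapse runs of '-', '_' and '.'
    to a single '-', so 'Example_Pkg' and 'example.pkg' compare as the same project."""
    return re.sub(r"[-_.]+", "-", name).lower()


# Constructed blocklist for illustration only; real names and versions would come
# from the advisory being acted on. None means every version is affected.
EXAMPLE_BLOCKLIST: Dict[str, Optional[Set[str]]] = {
    "example-malicious-pkg": None,
    "example-typosquat": {"1.0.0", "1.0.1"},
}


def installed_packages() -> Dict[str, str]:
    """Inventory of the running interpreter's site-packages via importlib.metadata."""
    inventory: Dict[str, str] = {}
    for dist in distributions():
        name = dist.metadata.get("Name")
        if name:
            inventory[normalize(name)] = dist.version
    return inventory


def find_flagged(
    installed: Dict[str, str], blocklist: Dict[str, Optional[Set[str]]]
) -> List[Tuple[str, str]]:
    """Return sorted (normalized name, version) pairs from installed that the blocklist covers."""
    norm_block = {normalize(k): v for k, v in blocklist.items()}
    hits: List[Tuple[str, str]] = []
    for raw_name, version in installed.items():
        name = normalize(raw_name)
        if name not in norm_block:
            continue
        affected = norm_block[name]
        if affected is None or version in affected:
            hits.append((name, version))
    return sorted(hits)


if __name__ == "__main__":
    for name, version in find_flagged(installed_packages(), EXAMPLE_BLOCKLIST):
        print(f"FLAGGED {name}=={version}")
```

Running it under each interpreter and virtual environment on a machine is what makes the inventory complete; a single run only sees the environment it was started in, which is also why the isolation the first post mentions keeps the blast radius of one bad dependency small.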
-