The Hacker News

Fake Python Spellchecker Packages on PyPI Delivered Hidden Remote Access Trojan

Two fake spellchecker packages on PyPI hid a Python RAT in dictionary files, activating malware on import in version 1.2.0.
GitHub

dabeaz-course/python-mastery: Advanced Python Mastery (course by @dabeaz)

An exercise-driven course on Advanced Python Programming that was battle-tested several hundred times on the corporate-training circuit for more than a decade. Written by David Beazley, author of the ...
腾讯网

AI代理技能生态安全大调查:超过四分之一的技能包存在安全漏洞

通过这次大规模调查,研究团队揭示了一个令人震惊的现实:超过四分之一(26.1%)的技能包存在至少一种安全漏洞。更具体地说,他们发现了14种不同的漏洞模式,可以归纳为四大类威胁:恶意指令注入、数据窃取、权限提升和供应链攻击。