Two fake spellchecker packages on PyPI hid a Python RAT in dictionary files, activating malware on import in version 1.2.0.

A report from ReversingLabs reveals a massive 73% increase in malicious open-source packages in 2025, with over 10,000 ...

With the PyArrow library installed, pandas 3.0 interprets string columns automatically as the str data type instead of NumPy- ...

Stranger Things concept of the “Upside Down” is a useful way to think about the risks lurking in the software we all rely on.

来自中国人民大学的董冠霆，主要研究方向为智能信息检索和智能体强化学习，曾获国家奖学金、北京市优秀毕业生等荣誉，并入选国家自然科学基金青年学生基础研究项目 (博士生)、中国科协青年人才托举工程博士生专项计划资助，代表工作包括 ...

Veracode announced key platform innovations introduced through the second half of 2025, providing preventive control for software supply chains.

According to the firm’s latest supply chain security report, there was a 73% increase in detections of malicious open-source packages in 2025. The past year also saw a huge jump in the scope of ...

通过这次大规模调查，研究团队揭示了一个令人震惊的现实：超过四分之一（26.1%）的技能包存在至少一种安全漏洞。更具体地说，他们发现了14种不同的漏洞模式，可以归纳为四大类威胁：恶意指令注入、数据窃取、权限提升和供应链攻击。