Намери подобно съдържание

The Slovak National Security Office (#NBU) has identified ten malicious Python libraries uploaded on #PyPI — Python Package Index — the official third-party software repository for the Python programming language. Libraries included malicious but benign code Packages removed last week https://www.bleepingcomputer.com/news/security/ten-malicious-libraries-found-on-pypi-python-package-index/

PyPI 现在支持数字证明，增强了项目供应链的安全性。维护者可以在发布包时附上签名的数字证明，并通过新的 API 供用户和安装程序验证这证明。与传统的 PGP 签名相比，数字证明有三大优势：它们由身份而非密钥对签名，提供与上游源仓库的可验证链接，并且在上传时必须可验。已有超过 20,000 个证明被发布。PyPI 还提供了新的 Integrity API 和网页界面，方便用户查看文件的证明。 https://blog.pypi.org/posts/2024-11-14-pypi-now-supports-digital-attestations/ #Python#Security#PyPI #AIGC

The telnyx packages on PyPI have been compromised PyPI 官方仓库中的 `telnyx` 包被发现存在恶意版本。根据 SafeDep 的报告，于 2026 年 3 月 27 日发布的 4.87.1 和 4.87.2 版本被注入了恶意代码。 此次攻击影响重大，因为该包月均下载量超过 100 万次。恶意代码位于 `telnyx/_client.py` 中，其功能是从远程服务器下载隐藏在 WAV 音频文件中的第二阶段二进制载荷。该载荷会根据操作系统执行不同操作：在 Windows 上植入持久性可执行文件，在 Linux 或 macOS 上则窃取用户凭证。 建议开发者立即检查项目依赖，避免使用上述受影响版本。 原文链接：https://lwn.net/Articles/1065059/ #网络安全#供应链攻击#Python#PyPI #AIGC Read more

#python#allowlist#blocklist#disposable#domain#email#filter#hacktoberfest#pypi This resource provides a comprehensive, regularly updated list of disposable email domains used to block fake or temporary email addresses that people often use to spam or abuse online services. By using this list, you can prevent users from registering with throwaway emails, improving the quality and security of your user base. It offers easy integration examples in many programming languages, helping you quickly check if an email is disposable and reject it if needed. This keeps your system cleaner, reduces spam, and ensures users provide real, permanent emails for better communication and trust. The list is free to use and open for contributions, making it reliable and community-supported. https://github.com/disposable-email-domains/disposable-email-domains

#AI#Artificial_Intelligence #AJAX #aiohttp #Anaconda #AngularJS #API #Atom #AWS #asyncio (#Asynchronous) #audio #automated_testing #automation #atexit #BeeWare #Big_Data #bitcoin #blockchain #Bluemix #Brython #button #Celery #client #class #classmethod #concurrency #Coroutine #cron #CSS #curl #data_analysis #data_mining #data_processing #database #Deep_Learning#deep_learning #Debian #decorator #deploy #dict #dispatch #django #django_cms #Django_REST_Framework #dropdownbox #Docker #event #Firefox #Flask #form #functions #Generator #GeoDjango #git #Google #GPU #GUI #Gym #host #HTML #httplib #learn #Image_processing #intelligence #input #Instagram #IOT #iPython #Jupyter #lambda #learn #License #Linux #lists #machine_learning #Magenta #map #Matplotlib #Metaprogramming #Micro_services #Micropython #mind #monitoring #MongoDB #modules #Mozilla #Multipart #multi_touch_apps #multiprocessing #Nodes #NoSQL #numeric_computation #numerical #NumPy #network #neural_network #OAuth #object_serialization #OCR #overloading #package #parallel #pipeline #protocols #PostGIS #pyAudioAnalysis #pycon #Pyflakes #PyInstaller #PyPI #PyQt #PySide #PyTorch #pytest #python #Pyvideo_archives #Qt #Raspberry_Pi #React #Redis #random #request #Regular_Expressions (#re) #REST #RSS #satellite #scikit_learn #SciPy #scrapy #searching #selectbox #Selenium #serialization #server #sessions #single_responsibility_principle #socket #Spark #str #submit #task #telegram #template #TensorFlow #test #text_boxes #text #tuples #unicode #Universe #Unix #unit_test #urllib #upload #uWSGI #Web #WSGI