The Hacker News

Picklescan Bugs Allow Malicious PyTorch Models to Evade Scans and Execute Code

Picklescan flaws allowed attackers to bypass scans and execute hidden code in malicious PyTorch models before the latest ...
Bleeping Computer

Python info-stealing malware uses Unicode to evade detection

A malicious Python package on PyPI uses Unicode as an obfuscation technique to evade detection while stealing and exfiltrating developers' account credentials and other sensitive data from compromised ...
CSOonline

Attackers use Python compiled bytecode to evade detection

Newly discovered campaign takes advantage of the fact that most vulnerability scanning tools don't read compiled open-source software. Attackers who are targeting open-source package repositories like ...