#python-security
#python-security

fromDeveloper Tech News

Check Point: AI coding assistants are leaking API keys

AI coding assistants are unintentionally leaking sensitive internal data, including API keys, by ingesting entire workspaces without recognizing sensitive files.

Information security

Is 46% of your AI-generated code vulnerable?

fromDeveloper Tech News

Check Point: AI coding assistants are leaking API keys

AI coding assistants are unintentionally leaking sensitive internal data, including API keys, by ingesting entire workspaces without recognizing sensitive files.

more#ai-coding-assistants

Is 46% of your AI-generated code vulnerable?

46% of AI-generated code contains security vulnerabilities, necessitating integrated governance throughout the software delivery lifecycle.

One Tech Tip: Logging on at a cafe? Privacy and security guidelines for remote workers

Remote work offers flexibility but poses privacy and security risks in public spaces.

fromAP News

One Tech Tip: Logging on at a cafe? Privacy and security guidelines for remote workers

Remote work offers flexibility but comes with privacy and security risks when working in public spaces.

4 tips for remote workers to safeguard data and privacy

Remote work in public spaces offers convenience but poses privacy and security risks that require precautions.

fromSFGATE

One Tech Tip: Logging on at a cafe? Privacy and security guidelines for remote workers

Remote work in public spaces offers flexibility but poses privacy and security risks that require precautions.

4 tips for remote workers to safeguard data and privacy

Remote work in public spaces offers convenience but poses privacy and security risks that require precautions.

4 tips for remote workers to safeguard data and privacy

Remote work in public spaces offers convenience but poses privacy and security risks that require careful management.

fromWRAL.com

One Tech Tip: Logging on at a cafe? Privacy and security guidelines for remote workers

Remote work offers flexibility but poses privacy and security risks in public spaces.

fromAP News

One Tech Tip: Logging on at a cafe? Privacy and security guidelines for remote workers

Remote work offers flexibility but comes with privacy and security risks when working in public spaces.

4 tips for remote workers to safeguard data and privacy

Remote work in public spaces offers convenience but poses privacy and security risks that require precautions.

fromSFGATE

One Tech Tip: Logging on at a cafe? Privacy and security guidelines for remote workers

Remote work in public spaces offers flexibility but poses privacy and security risks that require precautions.

4 tips for remote workers to safeguard data and privacy

Remote work in public spaces offers convenience but poses privacy and security risks that require precautions.

4 tips for remote workers to safeguard data and privacy

Remote work in public spaces offers convenience but poses privacy and security risks that require careful management.

more#remote-work

#ai

Python

PyCharm for Django Fundraiser: Why Django Matters in the AI Era - And Why We're Supporting It | The PyCharm Blog

fromEngadget

Artificial intelligence

Mozilla says it patched 271 Firefox vulnerabilities thanks to Anthropic's Claude Mythos

Software development

Mythos found 271 Firefox flaws - none a human couldn't spot

Information security

Claude Mythos signals a new era in AI-driven security, finding 271 flaws in Firefox

AI Can Autonomously Hack Cloud Systems With Minimal Oversight: Researchers

AI systems can autonomously hack cloud environments, demonstrating advanced capabilities in executing sophisticated attacks without specific instructions.

Microsoft is using Mythos to detect vulnerabilities

Microsoft integrates AI into cybersecurity to enhance vulnerability detection and prevention during software development.

Python

PyCharm for Django Fundraiser: Why Django Matters in the AI Era - And Why We're Supporting It | The PyCharm Blog

Artificial intelligence

fromEngadget

Mozilla says it patched 271 Firefox vulnerabilities thanks to Anthropic's Claude Mythos

Mozilla's use of Anthropic's Claude Mythos model successfully identified and patched 271 vulnerabilities in Firefox, showcasing AI's potential in cybersecurity.

Mythos found 271 Firefox flaws - none a human couldn't spot

Mythos AI model significantly improves bug detection, identifying 271 vulnerabilities in Firefox 150, marking a pivotal moment for software security.

Claude Mythos signals a new era in AI-driven security, finding 271 flaws in Firefox

AI has exposed hundreds of vulnerabilities in Mozilla's Firefox browser, highlighting both cybersecurity advancements and dual-use risks.

AI Can Autonomously Hack Cloud Systems With Minimal Oversight: Researchers

AI systems can autonomously hack cloud environments, demonstrating advanced capabilities in executing sophisticated attacks without specific instructions.

Microsoft is using Mythos to detect vulnerabilities

Microsoft integrates AI into cybersecurity to enhance vulnerability detection and prevention during software development.

How open source ideals must expand for AI

Open source must evolve to integrate implementation, specification, and governance for a resurgence in the age of AI.

Linux may get exemption from Colorado age-check bill

OS-level age checks for open source systems raise concerns, but proposed exemptions in Colorado may set a precedent amid potential federal legislation.

19 hours ago

How open source ideals must expand for AI

Open source must evolve to integrate implementation, specification, and governance for a resurgence in the age of AI.

Linux may get exemption from Colorado age-check bill

OS-level age checks for open source systems raise concerns, but proposed exemptions in Colorado may set a precedent amid potential federal legislation.

New Firefox update patches a whopping 271 bugs, thanks to Claude Mythos

Firefox 150 introduces enhanced features and fixes 271 security flaws.

Mozilla Fixes 271 Firefox Bugs Using Anthropic's Mythos AI

Firefox 150 includes patches for 271 security vulnerabilities identified using Anthropic's Claude Mythos Preview AI model.

As Mythos fixes Mozilla flaws, unauthorized access spells disaster

Firefox's Claude Mythos Preview addresses 271 vulnerabilities, but unauthorized access raises concerns about potential misuse by threat actors.

Web frameworks

fromZDNET

New Firefox update patches a whopping 271 bugs, thanks to Claude Mythos

Firefox 150 introduces enhanced features and fixes 271 security flaws.

Mozilla Fixes 271 Firefox Bugs Using Anthropic's Mythos AI

Firefox 150 includes patches for 271 security vulnerabilities identified using Anthropic's Claude Mythos Preview AI model.

As Mythos fixes Mozilla flaws, unauthorized access spells disaster

Firefox's Claude Mythos Preview addresses 271 vulnerabilities, but unauthorized access raises concerns about potential misuse by threat actors.

DevOps

The Security Metric That's Failing You

19 hours ago

Information security

Sharing isn't caring if it's an admin password: Pwned

Hackers Impersonate IT Help Desk on Microsoft Teams to Gain Access, Steal Data

Hackers are increasingly using social engineering on Microsoft Teams to gain unauthorized access by impersonating IT support.

Information security

AI-pwned: Vercel breach traced to stolen employee creds

Hackers Fail to Exploit Flaw in Discontinued TP-Link Routers

Hackers have targeted a vulnerability in discontinued TP-Link routers for a year without successful exploitation, according to Palo Alto Networks.

Weekly Recap: Fiber Optic Spying, Windows Rootkit, AI Vulnerability Hunting and More

A critical zero-day vulnerability in Adobe Acrobat Reader is actively exploited, alongside state-sponsored cyber threats targeting U.S. infrastructure.

DevOps

The Security Metric That's Failing You

Measuring patch rates does not equate to a secure environment; real risks often lie in misconfigurations and outdated permissions.

19 hours ago

Sharing isn't caring if it's an admin password: Pwned

Prioritizing convenience over security can lead to significant data loss, as demonstrated by a client using a common password and sharing it publicly.

Hackers Impersonate IT Help Desk on Microsoft Teams to Gain Access, Steal Data

Hackers are increasingly using social engineering on Microsoft Teams to gain unauthorized access by impersonating IT support.

AI-pwned: Vercel breach traced to stolen employee creds

Vercel's CEO suspects AI aided attackers in a breach that exploited a compromised employee account and non-sensitive environment variables.

Hackers Fail to Exploit Flaw in Discontinued TP-Link Routers

Hackers have targeted a vulnerability in discontinued TP-Link routers for a year without successful exploitation, according to Palo Alto Networks.

Weekly Recap: Fiber Optic Spying, Windows Rootkit, AI Vulnerability Hunting and More

A critical zero-day vulnerability in Adobe Acrobat Reader is actively exploited, alongside state-sponsored cyber threats targeting U.S. infrastructure.

more#cybersecurity

Mental health

fromSmashing Magazine

Session Timeouts: The Overlooked Accessibility Barrier In Authentication Design - Smashing Magazine

Poor session timeouts create significant accessibility barriers for users with disabilities, impacting their online experiences and tasks.

6 days ago

Exciting Python features are on the way

Python 3.15 introduces lazy imports, an immutable frozendict, JIT compiler improvements, and enhanced support for WebAssembly.

UX design

fromMedium

6 days ago

Your AI agent can read your codebase. It doesn't know your product.

AI coding agents lack design context, leading to generic outputs that don't align with a product's unique interaction patterns and brand identity.

Security experts head to D.C. to debate standards for securing AI systems as Mythos raises the stakes | Fortune

AI systems are becoming attractive targets for adversaries, with vulnerabilities discovered faster than developers can respond.

Unauthorized Users Accessed Claude Mythos, New Reports Suggest

Unauthorized access to Anthropic's AI model, Claude Mythos Preview, raises security concerns among experts due to its ability to identify digital vulnerabilities.

AI agents on GitHub leak API keys via prompt injection

Three popular AI agents on GitHub Actions are vulnerable to Comment and Control attacks, allowing attackers to steal API keys and access tokens.

fromFortune

10 hours ago

Security experts head to D.C. to debate standards for securing AI systems as Mythos raises the stakes | Fortune

AI systems are becoming attractive targets for adversaries, with vulnerabilities discovered faster than developers can respond.

Unauthorized Users Accessed Claude Mythos, New Reports Suggest

Unauthorized access to Anthropic's AI model, Claude Mythos Preview, raises security concerns among experts due to its ability to identify digital vulnerabilities.

AI agents on GitHub leak API keys via prompt injection

Three popular AI agents on GitHub Actions are vulnerable to Comment and Control attacks, allowing attackers to steal API keys and access tokens.

PyCoder's Weekly | Issue #731

Wallaby enhances Python development with integrated testing, AI context, and tools for machine learning visualization and vector databases.

fromRealpython

Python

How to Conceptualize Python Fundamentals for Greater Mastery Quiz - Real Python

Python

How (Not) to Learn Python | The PyCharm Blog

fromPythonbytes

Python

Common themes

Ty is a fast type checker for Python projects, now used by major frameworks like FastAPI and Typer.

Python

PyCoder's Weekly | Issue #722

Practical Python tools and resources cover itertools for data science, circular-import debugging, unittest.mock testing techniques, and CI analytics for GitHub Actions optimization.

PyCoder's Weekly | Issue #731

Wallaby enhances Python development with integrated testing, AI context, and tools for machine learning visualization and vector databases.

fromRealpython

How to Conceptualize Python Fundamentals for Greater Mastery Quiz - Real Python

The quiz tests understanding of Python fundamentals through a structured framework for conceptualization.

Python

How (Not) to Learn Python | The PyCharm Blog

fromPythonbytes

Common themes

Ty is a fast type checker for Python projects, now used by major frameworks like FastAPI and Typer.

Python

PyCoder's Weekly | Issue #722

Microsoft taps Anthropic's Mythos to strengthen secure software development

Mythos can enhance the security of Microsoft products, benefiting enterprises without direct access.

fromSocial Media Examiner

Lovable under fire over data breach

Lovable faced criticism for a vulnerability that exposed users' sensitive data, including source code and chat history, due to insufficient access controls.

#ai-agents

Artificial intelligence

Getting Started With OpenClaw: Step-by-Step to Your First Bot : Social Media Examiner

OpenClaw enables users to create AI agents without coding, automating workflows and reclaiming time for higher-value tasks.

fromSocial Media Examiner

The cookbook for safe, powerful agents

Capability without control in AI agents creates vulnerabilities, necessitating a structured control architecture for safe deployment.

Artificial intelligence

Getting Started With OpenClaw: Step-by-Step to Your First Bot : Social Media Examiner

OpenClaw enables users to create AI agents without coding, automating workflows and reclaiming time for higher-value tasks.

The cookbook for safe, powerful agents

Capability without control in AI agents creates vulnerabilities, necessitating a structured control architecture for safe deployment.

Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign

Bitwarden CLI was compromised in the Checkmarx supply chain campaign, with malicious code stealing sensitive data from users.

fromDevOps.com

13 hours ago

Agentic AI for Defense: How Checkmarx Turns Security into a Coding Partner - DevOps.com

Agentic AI proactively identifies and addresses security vulnerabilities in real-time during code development, enhancing application security significantly.

PyCoder's Weekly | Issue #730

Django's type hints integration is complex due to its early release before Python's standardization.

fromDjango Project

Django

Django security releases issued: 6.0.4, 5.2.13, and 4.2.30

3 weeks ago

PyCoder's Weekly | Issue #728

Django projects can be improved with Alpine AJAX and friendly classes for better code quality and maintainability.

Python

PyCoder's Weekly | Issue #719

Django 6 adds a general tasks framework enabling migration from Celery to a unified asynchronous task mechanism.

PyCoder's Weekly | Issue #730

Django's type hints integration is complex due to its early release before Python's standardization.

fromDjango Project

Django security releases issued: 6.0.4, 5.2.13, and 4.2.30

Django releases 6.0.4, 5.2.13, and 4.2.30 address security issues; users should upgrade promptly.

3 weeks ago

PyCoder's Weekly | Issue #728

Django projects can be improved with Alpine AJAX and friendly classes for better code quality and maintainability.

Python

PyCoder's Weekly | Issue #719

SQLite and SQLAlchemy in Python: Move Your Data Beyond Flat Files Quiz - Real Python

The quiz tests understanding of SQLite and SQLAlchemy concepts in Python.

fromWIRED

They Built a Legendary Privacy Tool. Now They're Sworn Enemies

GrapheneOS is highly regarded for mobile security, but its creator, Daniel Micay, has a controversial and enigmatic reputation within the cybersecurity community.

Half of the 6 Million Internet-Facing FTP Servers Lack Encryption

Approximately 6 million internet-accessible systems are using FTP today, and almost half of them do not use encryption, exposing enterprises and end users to avoidable risks.

Privacy professionals

fromTalkpython

OWASP Top 10 (2025 List) for Python Devs

The OWASP Top 10 has been updated with significant changes including supply chain attacks and exceptional condition handling.

Vercel Finds More Compromised Accounts in Context.ai-Linked Breach

Vercel identified additional compromised customer accounts linked to a security incident involving unauthorized access to its internal systems.

fromSiliconANGLE

Developer tooling provider Vercel discloses breach that exposed some users' data - SiliconANGLE

Vercel experienced a security breach through Context.ai, compromising limited customer data and employee information.

Next.js Creator Vercel Hacked

Vercel confirmed a data breach involving unauthorized access to internal systems and compromised customer credentials.

fromThe Verge

Cloud development platform Vercel was hacked

Vercel experienced a security breach due to a compromised third-party AI tool, leading to the exposure of customer data.

Vercel Finds More Compromised Accounts in Context.ai-Linked Breach

Vercel identified additional compromised customer accounts linked to a security incident involving unauthorized access to its internal systems.

fromSiliconANGLE

Developer tooling provider Vercel discloses breach that exposed some users' data - SiliconANGLE

Vercel experienced a security breach through Context.ai, compromising limited customer data and employee information.

Next.js Creator Vercel Hacked

Vercel confirmed a data breach involving unauthorized access to internal systems and compromised customer credentials.

fromThe Verge

Cloud development platform Vercel was hacked

Vercel experienced a security breach due to a compromised third-party AI tool, leading to the exposure of customer data.

Microsoft issues out-of-band patch for critical security flaw in update to ASP.NET Core

Long-lived tokens in applications can be exploited by attackers to gain unauthorized access and issue legitimate tokens.

Cohere AI Terrarium Sandbox Flaw Enables Root Code Execution, Container Escape

A critical vulnerability in the Terrarium Python sandbox allows arbitrary code execution with root privileges, rated 9.3 on the CVSS scale.

Microsoft issues out-of-band patch for critical security flaw in update to ASP.NET Core

Long-lived tokens in applications can be exploited by attackers to gain unauthorized access and issue legitimate tokens.

Cohere AI Terrarium Sandbox Flaw Enables Root Code Execution, Container Escape

A critical vulnerability in the Terrarium Python sandbox allows arbitrary code execution with root privileges, rated 9.3 on the CVSS scale.

PyCoder's Weekly | Issue #729

SerpApi provides structured JSON from search engines, simplifying data retrieval for AI applications.

fromArs Technica

Microsoft issues emergency update for macOS and Linux ASP.NET threat

Microsoft released an emergency patch for ASP.NET Core to fix a high-severity vulnerability allowing unauthenticated attackers to gain SYSTEM privileges.

#openclaw

fromSitePoint Forums | Web Development & Design Community

What tools are you relying on besides Burp for web app testing?

OpenClaw's capabilities pose significant security risks, revealing vulnerabilities that can be exploited by malicious insiders.

fromSitePoint Forums | Web Development & Design Community

Why Your OpenClaw Setup is a "Malicious Insider" in Waiting

OpenClaw's capabilities pose significant security risks, revealing vulnerabilities that can be exploited by malicious insiders.

fromSitePoint Forums | Web Development & Design Community

What tools are you relying on besides Burp for web app testing?

OpenClaw's capabilities pose significant security risks, revealing vulnerabilities that can be exploited by malicious insiders.

fromSitePoint Forums | Web Development & Design Community

Why Your OpenClaw Setup is a "Malicious Insider" in Waiting

OpenClaw's capabilities pose significant security risks, revealing vulnerabilities that can be exploited by malicious insiders.

more#openclaw

fromTNW | Anthropic

Information security

Mozilla fixes 271 Firefox vulnerabilities found by Anthropic's Claude Mythos in a single evaluation pass

Mozilla's Firefox 150 fixes 271 security vulnerabilities identified by Anthropic's AI model, Mythos, showcasing the model's effectiveness in vulnerability detection.

fromTNW | Next-Featured

Lovable security crisis: 48 days of exposed projects, closed bug reports, & the structural failure of vibe coding security

Lovable's security incidents expose vulnerabilities in AI-generated code and highlight a market focus on growth over security.

3 weeks ago

On the pleasures and dangers of open source Python

Project Detroit aims to integrate Java, Python, and JavaScript.

fromComputerWeekly.com

Interview: Critical local infrastructure is missing link in UK cyber resilience | Computer Weekly

Local infrastructure in the UK is vulnerable to cyber attacks, risking severe disruption to essential services and public safety.

fromComputerWeekly.com

A tsunami of flaws: When frontier AI and Patch Tuesday collide | Computer Weekly

April 2025 Patch Tuesday update was the second-largest in history, addressing over 160 vulnerabilities, with AI tools potentially driving the increase.

fromEngadget

Anthropic is investigating 'unauthorized access' of its Mythos cybersecurity tool

We're investigating a report claiming unauthorized access to Claude Mythos Previous through one of our third-party vendor environments.

Information security

4 weeks ago

PyCoder's Weekly | Issue #727

Jazzband is winding down due to the overwhelming number of AI submissions affecting its cooperative model.

fromDjango Project

Recent trends in the work of the Django Security Team

We also patched two potential denial-of-service vulnerabilities when handling large, malformed inputs. One exploits inefficient string concatenation in header parsing under ASGI ( CVE 2025-14550). Concatenating strings in a loop is known to be slow, and we've done fixes in public where the impact is low. The other one ( CVE 2026-1285) exploits deeply nested entities. December's vulnerability in the XML serializer ( CVE 2025-64460) was about those very two themes.

Web frameworks

Mozilla: Anthropic's Mythos found 271 zero-day vulnerabilities in Firefox 150

AI tools like Mythos enhance cybersecurity by making vulnerability discovery cheaper and more efficient for defenders.

fromWIRED

Mozilla Used Anthropic's Mythos to Find and Fix 151 Bugs in Firefox

Mozilla's Firefox 150 includes protections for 271 vulnerabilities identified using AI tools, highlighting the significant impact of AI on cybersecurity.

fromArs Technica

Mozilla: Anthropic's Mythos found 271 zero-day vulnerabilities in Firefox 150

AI tools like Mythos enhance cybersecurity by making vulnerability discovery cheaper and more efficient for defenders.

fromWIRED

Mozilla Used Anthropic's Mythos to Find and Fix 151 Bugs in Firefox

Mozilla's Firefox 150 includes protections for 271 vulnerabilities identified using AI tools, highlighting the significant impact of AI on cybersecurity.

more#ai-in-cybersecurity

Organizations Warned of Exploited Cisco, Kentico, Zimbra Vulnerabilities

CISA expanded its Known Exploited Vulnerabilities catalog with eight new flaws, including high-severity bugs in Cisco and Kentico products.

58% of Organizations Spend Over 10 Hours a Month Securing AI-generated Code

31% of organizations using AI-generated code spend 10 hours or less per month on validation and auditing, raising security concerns.

PyCoder's Weekly | Issue #720

subprocess module relies on busy-loop polling to determine whether a process has completed yet. Modern operating systems have callback mechanisms to do this, and Python 3.15 will now take advantage of these.

Web frameworks

Aikido Endpoint offers developers additional protection against supply chain attacks

Aikido Endpoint protects developers' endpoints from supply chain attacks by blocking high-risk installations before they reach the system.

Vercel Breach Originated from an Employee's AI Tool

Vercel confirmed a data breach caused by a third-party AI tool used by an employee, impacting a limited subset of customers.

Hackers Abuse QEMU for Defense Evasion

Threat actors are exploiting QEMU for ransomware and remote access tool deployment, with increased activity observed since late 2025.

fromDevOps.com

6 days ago

The Open Source Trap: Why Trust Isn't a Security Strategy - DevOps.com

The software supply chain is vulnerable due to reliance on under-resourced open source maintainers, requiring active organizational support for security.

Exploited Vulnerability Exposes Nginx Servers to Hacking

A critical vulnerability in Nginx UI allows attackers to take full control of servers, affecting numerous deployments worldwide.

Attackers are targeting developers via Slack and Google Sites

A targeted phishing campaign exploits trust in the open-source community, tricking developers into providing credentials and installing malicious software.

Critical flaw in Marimo Python notebook exploited within 10 hours of disclosure

CVSS-9.3 vulnerability in Marimo allows unauthenticated remote code execution, exploited shortly after disclosure.

Fake Linux Foundation leader using Slack to phish devs

A malware campaign targets open source developers via Slack, impersonating a Linux Foundation official to steal credentials and compromise systems.

7 months ago

The Most Popular Python Frameworks and Libraries in 2025 | The PyCharm Blog

FastAPI leads Python framework usage in 2024 with 38%, offering high-performance async APIs, type safety, auto-generated docs, and strong ML deployment support.

PyCoder's Weekly | Issue #721

Text classification and compression converge via incremental compressors; Python 3.14's zstd support enables experimenting with ML through compression.

4 weeks ago

PyPI warns developers after LiteLLM malware found stealing cloud and CI/CD credentials

Compromised LiteLLM packages executed a three-stage payload targeting sensitive data in cloud environments before being removed from PyPI.

fromPython Software Foundation Blog

Join the Python Security Response Team!

The Python Security Response Team adopted formal governance (PEP 811), public membership, and a defined onboarding process to strengthen Python ecosystem security.