Word of the Week: Did the Trump administration commit ‘perfidy’?

A New York Times report suggested that a September US strike against a boat in the Caribbean may have been an act of “perfidy.” Legal experts weigh in.
The Hacker News

Three Flaws in Anthropic MCP Git Server Enable File Access and Code Execution

Three vulnerabilities in Anthropic’s MCP Git server allow prompt injection attacks that can read or delete files and, in some ...
The Star

Man who killed python after dog attack in Ugunja to be compensated — KWS

The incident that attracted attention prompted a visit by a Kenya Wildlife Service (KWS) team led by Grace Kariuki, the Senior Warden for Kisumu and Siaya counties, to his home. Speaking within his ...
Dark Reading

AI Bolsters Python Variant of Brazilian WhatsApp Attacks

Attackers behind a self-propagating malware campaign targeting Brazilian financial institutions have accelerated and upgraded their malicious activity, using artificial intelligence (AI) to spawn a ...
bitnewsbot

Legacy Python Package Vulnerabilities Risk Supply Chain Attacks via Domain Takeover

Legacy Python packages contain vulnerable bootstrap scripts that can enable domain takeover attacks on PyPI. The vulnerable bootstrap scripts fetch installation files from a now-available domain used ...
devdiscourse

Python Attack at Kota Power Plant Sparks Investigation

A labourer was saved by coworkers after a python coiled around his legs at Kota thermal power plant. The injured python, facing slim survival prospects, is under treatment. Authorities are searching ...
Newsweek

America’s Most Common Passwords Revealed—and It’s Bad News for Boomers

A new study has revealed America’s most common passwords and the results make for concerning reading. It’s more important now than ever before for web users to protect personal information online with ...
Bleeping Computer

PyPI invalidates tokens stolen in GhostAction supply chain attack

The Python Software Foundation team has invalidated all PyPI tokens stolen in the GhostAction supply chain attack in early September, confirming that the threat actors didn't abuse them to publish ...
CSOonline

Brute force attacks hitting SonicWall firewall configuration backups

SonicWall is warning admins that recent brute force attacks on its firewall’s API service for cloud backup could have exposed backup configuration files stored in its cloud portal. Affected are ...
Bleeping Computer

PyPI now blocks domain resurrection attacks used for hijacking accounts

The Python Package Index (PyPI) has introduced new protections against domain resurrection attacks that enable hijacking accounts through password resets. PyPI is the official repository for ...
The Hacker News

Webinar: How to Stop Python Supply Chain Attacks—and the Expert Tools You Need

Python is everywhere in modern software. From machine learning models to production microservices, chances are your code—and your business—depends on Python packages you didn't write. But in 2025, ...