Subscribe to our research

Keep up with the latest software supply chain attacks

Modern Python Build Hooks

Arbitrary code execution is possible with build hooks offered by modern Python package installers when building modern PEP-518 pyproject.toml projects....

Devious Python Build Requirements

Build requirements in Python source distributions allow attackers to execute arbitrary code in an isolated build environment that is automatically deleted after use....

Python Trojan Functions and Imports

Learn basic techniques attackers use to create malicious packages with trojan features found in attacks including typosquatting, starjacking, dependency confusion, and lockfile injection....