News

The Hacker News9d
GCP Cloud Composer Bug Let Attackers Elevate Access via Malicious PyPI Packages
GCP’s ConfusedComposer flaw let attackers escalate privileges via PyPI packages; patched by Google on April 13.
Everything you need to get up and running with MCP – Anthropic's USB-C for AI
As we mentioned earlier, Open WebUI supports MCP via an OpenAPI proxy server which exposes them as a standard RESTful API.
GitHub21d
Facebook Business SDK for Python
facebook_business is a Python package that provides an interface between ... it may be either a SDK issue or API issue. This can be identified by constructing a raw cURL request and seeing if the ...
Bleeping Computer26d
Carding tool abusing WooCommerce API downloaded 34K times on PyPI
The malicious package contains a Python script that visits legitimate WooCommerce sites, collects product IDs, and then adds items to the cart by invoking the store's backend. Next, it navigates ...
Malicious PyPI packages abuse Gmail, websockets to hijack systems
Seven malicious PyPi packages were found using Gmail's SMTP servers and WebSockets for data exfiltration and remote command ...
Bloomberg L.P.23d
Modernizing how traders enhance their workflows with Python API
Bloomberg’s DOR API makes trading easier – It helps ... In it, you will find the Python package dor-1.1.0.tar.gz, an examples directory and a README.pdf file to help you with the installation.
TechRadar25d
Malicious Python packages are stealing vital data, and have been downloaded thousands of times already
and the third to test for valid credit cards All three have since been removed from the repository Multiple open source software packages on the Python Package Index (PyPI) repository were found ...
6 Best Free Inventory Management Software for 2025
Explore the best free inventory management software for 2025. Compare features, ease of use, and reliability to find the ...