The Security Ledger

Technology’s “Upside Down”? Software Supply Chain

Stranger Things concept of the “Upside Down” is a useful way to think about the risks lurking in the software we all rely on.
The Hacker News

Fake Python Spellchecker Packages on PyPI Delivered Hidden Remote Access Trojan

Two fake spellchecker packages on PyPI hid a Python RAT in dictionary files, activating malware on import in version 1.2.0.

ReversingLabs 2026 Software Supply Chain Security Report Identifies 73% Increase in Malicious Open-Source Packages

According to the firm’s latest supply chain security report, there was a 73% increase in detections of malicious open-source packages in 2025. The past year also saw a huge jump in the scope of ...

Pandas 3.0 brings unified string type and performance optimization

With the PyArrow library installed, pandas 3.0 interprets string columns automatically as the str data type instead of NumPy- ...
SecurityWeek

Chainlit Vulnerabilities May Leak Sensitive Information

Vulnerabilities in Chainlit could be exploited without user interaction to exfiltrate environment variables, credentials, ...
Security Boulevard

Arcjet Python SDK Sinks Teeth Into Application-Layer Security

A new Arcjet SDK lets Python teams embed bot protection, rate limiting, and abuse prevention directly into application code.
Techzine Europe

Anthropic invests in Python ecosystem security

Anthropic is entering into a two-year partnership with the Python Software Foundation. The company is investing a total of $1 ...

Anthropic backs Python security with $1.5 million PSF partnership

Anthropic has committed $1.5 million to the Python Software Foundation (PSF) under a two-year partnership aimed at strengthening security across Python’s core infrastructure and package ecosystem. The ...

Anthropic finds $1.5 million to help Python Foundation improve security

The Python Software Foundation (PSF) has an extra $1.5 million heading its way, after AI upstart Anthropic entered into a ...