Skip to main content
COSMICBYTEZLABS
NewsSecurityHOWTOsToolsTraining
StudyProjectsNewsletterHire MeAbout
Subscribe

Press Enter to search or Esc to close

News
Security
HOWTOs
Tools
Training
Study
Projects
Newsletter
Hire Me
About
RSS Feed
Reading List
Subscribe

Stay in the Loop

Get the latest security alerts, tutorials, and tech insights delivered to your inbox.

Subscribe NowFree forever. No spam.
COSMICBYTEZLABS

Your trusted source for IT intelligence, cybersecurity insights, and hands-on technical guides.

1941+ Articles
150+ Guides

CONTENT

  • Latest News
  • Security Alerts
  • HOWTOs
  • Checklists
  • Projects
  • Exam Prep

RESOURCES

  • Search
  • Browse Tags
  • Newsletter Archive
  • Reading List
  • RSS Feed

COMPANY

  • About Us
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CosmicBytez Labs. All rights reserved.

System Status: Operational
All tags
22 articles

#Python

All CosmicBytez Labs articles tagged #Python, across news, security advisories, how-to guides, and projects.

  • SecurityJul 9, 2026

    CVE-2026-15062: Critical SQL Injection in Snowflake Snowpark Python SDK

    A critical-severity SQL injection vulnerability (CVSS 9.6) in the Snowflake Snowpark Python SDK allows authenticated low-privilege users to execute SQL...

  • SecurityJul 8, 2026

    CVE-2026-33264: Apache Airflow Scheduler RCE via DAG Deserialization

    A critical deserialization flaw in Apache Airflow allows malicious DAG authors to execute arbitrary code on the Scheduler and API Server, scoring CVSS...

  • NewsJun 14, 2026

    'Hades' Campaign Against PyPI Puts New Spin on Shai-Hulud

    The latest supply chain attacks against PyPI, which hit 37 wheels and 19 code packages, show a continued evolution of the persistent Shai-Hulud software...

  • SecurityMay 30, 2026

    CVE-2026-10042: manga-image-translator RCE via Unsafe Python Deserialization

    A critical CVSS 9.8 remote code execution vulnerability in manga-image-translator allows unauthenticated attackers to execute arbitrary commands by...

  • SecurityMay 22, 2026

    CVE-2026-48207: Apache Fury PyFury Deserialization RCE

    A critical deserialization vulnerability in Apache Fury's Python library PyFury allows attackers to bypass DeserializationPolicy validation hooks via the...

  • SecurityMay 19, 2026

    CVE-2026-8838 — Amazon Redshift Python Driver RCE via Unsafe Code Execution

    The Amazon Redshift Python driver before version 2.1.14 contains a critical vulnerability where the vector_in() function executes arbitrary code received...

  • NewsApr 30, 2026

    PyTorch Lightning and Intercom-client Hit in Supply Chain

    Threat actors compromised the popular Python PyPI package 'Lightning' — used for PyTorch model training — pushing malicious versions 2.6.2 and onward to...

  • SecurityApr 24, 2026

    Pipecat AI Framework RCE via LivekitFrameSerializer

    A critical vulnerability in Pipecat's optional LivekitFrameSerializer class allows unauthenticated remote code execution in the popular AI voice agent...

  • SecurityApr 24, 2026

    CVE-2026-26210: KTransformers Unsafe Deserialization RCE

    KTransformers through version 0.5.3 contains a critical unsafe deserialization vulnerability in its balance_serve backend mode, where an unauthenticated...

  • SecurityApr 23, 2026

    CVE-2026-39987: Marimo Pre-Auth Remote Code Execution

    A critical pre-authorization remote code execution vulnerability in Marimo, the open-source reactive Python notebook, allows unauthenticated attackers to...

  • SecurityApr 19, 2026

    CVE-2026-6577: DjangoBlog Missing Authentication in OwnTracks logtracks Endpoint

    A missing authentication vulnerability in liangliangyy DjangoBlog up to 2.1.0.0 allows unauthenticated remote attackers to access the logtracks endpoint...

  • SecurityApr 19, 2026

    CVE-2026-6580: DjangoBlog Hard-Coded Cryptographic Key in Amap API Handler

    A hard-coded cryptographic key vulnerability in liangliangyy DjangoBlog up to 2.1.0.0 allows remote attackers to exploit the Amap API Call Handler in...

  • SecurityApr 9, 2026

    CVE-2026-39888: PraisonAI Sandbox Escape Enables Remote

    A critical sandbox escape vulnerability in PraisonAI's multi-agent framework allows attackers to bypass the Python code execution sandbox, defeating the...

  • SecurityMar 31, 2026

    CVE-2026-32714: Critical SQL Injection in SciTokens

    A critical SQL injection vulnerability in the SciTokens Python library allows attackers to manipulate authentication token validation via unsanitized...

  • NewsMar 28, 2026

    Backdoored Telnyx PyPI Package Pushes Malware Hidden in WAV

    Threat actors known as TeamPCP compromised the Telnyx Python package on PyPI, uploading malicious versions that conceal credential-stealing malware inside...

  • NewsMar 28, 2026

    New Infinity Stealer Malware Grabs macOS Data via ClickFix

    A new info-stealing malware named Infinity Stealer is targeting macOS systems with a Python payload packaged as an executable using the open-source Nuitka...

  • NewsMar 25, 2026

    Supply Chain Attack Hits Widely-Used AI Package, Risking

    Malicious versions of LiteLLM — a Python package with 3 million daily downloads present in roughly 36% of cloud environments — were quietly pushed to PyPI...

  • NewsMar 16, 2026

    GlassWorm ForceMemo: Stolen GitHub Tokens Used to Poison

    The GlassWorm threat actor has launched a new sub-campaign called ForceMemo, using stolen GitHub tokens to silently force-push malware into hundreds of...

  • SecurityFeb 20, 2026

    Critical RCE in Microsoft Semantic Kernel Python SDK

    A maximum-severity code injection vulnerability in Microsoft's Semantic Kernel Python SDK allows authenticated attackers to execute arbitrary code through...

  • HOWTOFeb 9, 2026

    Building Event-Driven Systems with Python asyncio

    Design and implement event-driven architectures using Python asyncio. Covers event buses, async task orchestration, graceful shutdown, and real-world...

  • HOWTOFeb 7, 2026

    Automating Report Generation with Python and Jinja2

    Build an automated report generation system using Python, Jinja2 templates, and data extraction from multiple sources. Covers multi-tenant data...

  • HOWTOFeb 2, 2026

    Python for Security Automation: Essential Scripting

    Learn Python security scripting fundamentals including network scanning, log parsing, hash analysis, API integration, and automated threat detection for...