The serpent’s tongue: Luring the Python out of its den
ID: b5549ea9-b6d6-5329-af0e-f0bb52d908ba
STIX ID: report--b5549ea9-b6d6-5329-af0e-f0bb52d908ba
Feed Name: Cisco Talos
This report analyzes Python package supply-chain risks, describing the hosting, distribution, and installation layers for Python packages and detailing how adversaries abuse build hooks (setup.py/pyproject), .pth and site hook modules, PYTHONPATH manipulation, import-time payloads, entry-point hijacking, and package content collisions to achieve execution and persistence; it references real-world campaign examples (TeamPCP), quantifies growing threat trends in the ecosystem, and presents layered defensive measures including auditing, dependency pinning, isolated builds, SBOMs, and trusted publishing.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
