Cryptopolitan on MSN

Cordyceps flaws let anyone with a free GitHub account hijack CI/CD pipelines at Microsoft, Google, and Apache

Security firm Novee has revealed Cordyceps as a class of exploitable CI/CD vulnerabilities across open-source repositories ...
Hosted on MSN

Python Foundation goes ride or DEI, rejects government grant with strings attached

The Python Software Foundation (PSF) has walked away from a $1.5 million government grant and you can blame the Trump administration's war on woke for effectively weakening some open source security. ...
Bleeping Computer

PyPI urges users to reset credentials after new phishing attacks

The Python Software Foundation has warned victims of a new wave of phishing attacks using a fake Python Package Index (PyPI) website to reset credentials. Accessible at pypi.org, PyPI is the default ...
The Verge

Python Software Foundation turns down $1.5 million NSF grant because of the anti-DEI strings attached.

A PSF proposal to address vulnerabilities in Python and PyPi was recommended for funding, but it was declined because the terms barred “any programs that advance or promote DEI, or discriminatory ...
Bleeping Computer

Python rejects $1.5M grant from U.S. govt. fearing ethical compromise

The Python Software Foundation (PSF) has withdrawn its $1.5 million grant proposal to the U.S. National Science Foundation (NSF) due to funding terms forcing a compromise on its commitment to ...
Ars Technica

Topic: python software foundation

Ars Technica has been separating the signal from the noise for over 25 years. With our unique combination of technical savvy and wide-ranging interest in the technological arts and sciences, Ars is ...

ActiveState Releases Its Most Comprehensive Commercial Python Distribution

ActiveState, the open source languages company and founding sponsor of the Python Software Foundation since 2001, announced today the immediate availability of a vastly expanded ActivePython 2.7.13 ...