Python is one of the most used programming languages to date. Especially in the AI/ML world and the cyber security world, most tools are written in Python. Large and small businesses use and trust Python to run their business. However, even when using Python the risk of security issues is never zero. Static application security testing (SAST) tools, like the Python Codeaudit program, should be used to prevent security risks, or at least to be aware of the potential risks that come with running the software.
1 From SOC Alert Triage to 0-day Mass Exploitation
When you use MS SharePoint to store data that is not meant for public eyes, you are not taking cyber security seriously. MS SharePoint has a very long history of publicly known zero-days, and the evidence shows that hacking an MS SharePoint system without notice requires little knowledge. In July 2025 worldwide headlines again reported massive hacks on MS SharePoint. This time the U.S. government and partners in Canada and Australia were hit. Attackers exploiting the newly discovered flaw are retrofitting compromised servers with a backdoor dubbed "ToolShell" that provides unauthenticated remote access to systems. Microsoft has released a fix, but this has attracted even more hacks on systems.
2 Deep Person Re-Identification via Wi-Fi Channel Signal Encoding
Person re-identification is a key and challenging task in video surveillance. Now persons can also be identified with another technique, one that combines Wi-Fi channel signals with ML algorithms.
3 Stop Using Encrypted Email
This great 2020 article by a highly valued security expert should make you think. It's no bullshit: sending encrypted email is a mess and will never be secure. Metadata is as important as content, and email leaks it.
4 Remote Prompt Injection in GitLab Duo Leads to Source Code Theft
If you do not care about protecting your source code, use an AI agent. As a side effect, maybe more data will be captured without your knowledge. That is the consequence of allowing an insecure and non-trusted network connection to your system. This time it is GitLab, but almost all AI agents carry severe security risks when used.
5 post-quantum cryptography: PQChoiceAssistant
This open-source tool gives you advice on the applicability of various post-quantum cryptographic algorithms for your use case. A nice tool that, according to my judgement, is safe to use, even in the online version, since no data leaves your browser.
6 Reproducible Builds – Security Audit
Reproducible Builds is a set of software development practices that create an independently verifiable path from source to binary code. It is crucial for ensuring the security of the 'supply chains' used in open source software, preventing attacks that target the complex systems that build our shared digital infrastructure. The main outcome of this audit is that even for the great security experts behind one of the Reproducible Builds tools, keeping XML parsing secure is challenging.
7 Frequent reauth doesn’t make you more secure
MFA challenges slow us down. They are annoying, and we often do not understand the added value. The recommendations given in this article are neither plainly right nor plainly wrong. But we have known for more than 20 years that frequent re-authentication is less secure, because it encourages poor password hygiene such as short passwords, writing passwords down, and so on. A deep problem within the IT security industry is that many auditors lack the technical knowledge needed to make sensible policies or to judge solutions on real risks.
8 Allianz Life confirms data breach impacts majority of 1.4 million customers
Articles like this are exemplary of the way cyber security is handled in very large companies and governmental organisations. Security is still not taken seriously, and most companies do not feel any real pain when customer data is stolen. All consequences fall on the customers. So you are on your own: expect no compensation or help when your data is used against you.
9 Python Code Audit
Python Codeaudit is a tool for finding security issues in Python code. This static application security testing (SAST) tool has great features that simplify necessary security tasks and make security fun and easy.
The Open Security newsletter is an overview of cyber security news with a core focus on openness. Pointing out what went wrong after a cyber security breach is easy; designing good and simple measures is hard. So join the open Security Reference Architecture collaboration project to create better solutions together, or become a partner to support this project. Use our RSS or ATOM feed to follow Open Security News.