In September 2024, Netskope Threat Labs reported a Python-based NodeStealer targeting Facebook business accounts. NodeStealer collects Facebook and other credentials stored in the browser and its cookie data. For over a year, we have tracked and discovered multiple variants of this infostealer. It is now targeting new victims and extracting new information using new techniques. In this blog post, we will dissect the development of the Python NodeStealer from multiple samples in the wild.

Python dominates the coding world, powering everything from web apps to AI breakthroughs. It’s so popular that 70% of developers have Python in their toolkit. It’s no wonder it consistently ranks among the top languages year after year. But with great power comes great responsibility…to write bug-free code. That’s where the secret weapon of top Python pros comes in: Static Code Analysis (SCA).

JFrog’s security research team continuously monitors open-source software registries, proactively identifying and addressing potential malware and vulnerability threats to foster a secure and reliable ecosystem for open-source software development and deployment. This blog details a PyPI supply chain attack technique the JFrog research team discovered had been recently exploited in the wild.

Unsure which programming language to choose? Well, for a while, I was too! If you are like me, analysis paralysis can be a real pain… We have prepared a list with our top choices so you can stop wasting time and start taking action. Not only we’ll reveal the best language to web scrape, but we’ll also compare their strengths, weaknesses, and use cases, helping you make an informed decision. We won’t waste your time, as we have summarized everything for you.

Python static analysis, also known as "linting", is a crucial aspect of software development. It involves inspecting your Python code without running it to identify potential bugs, programming errors, stylistic issues, or non-adhering patterns to predefined coding standards. It also helps identify vulnerabilities early in the development process, reducing the chances of deploying insecure code into production.

When building an application that requires user authentication, implementing a secure login flow is critical. In this article, we'll walk through how we created a robust OAuth login flow for ggshield, our Python-based command line tool, to streamline the onboarding process for our users.

Flask is a powerful, lightweight, and versatile web framework for Python, that's designed to make it easy for developers to develop web applications quickly with minimal boilerplate code. It's a stand-alone microframework that doesn't need any additional libraries or tools and has no database abstraction layer.

Creating a Python package involves several actions, such as figuring out an apt directory structure, creating package files, and configuring the package metadata before deploying it. There are a few other steps that you need to follow including creating a subdirectory for tests and clear documentation. Once the package is ready, you can distribute it to various distribution archives. With that, your Python package will be ready for others to install and use.

Pickle in Python is primarily used in serializing and deserializing a Python object structure. In other words, it’s the process of converting a Python object into a byte stream to store it in a file/database, maintain program state across sessions, or transport data over the network. The pickled byte stream can be used to re-create the original object hierarchy by unpickling the stream. This whole process is similar to object serialization in Java or.Net.