I was annoyed that there is no "expand_grid()" function in #Python as in
#RStats #tidyverse
So I just published a small package on #PyPI !
Introducing polarsgrid
https://pypi.org/project/polarsgrid/
Using the excellent #polars package, easily create a table with product of factors:
from polarsgrid import expand_grid
expand_grid(a=[1, 2, 3], b=["x", "y"])
Yields all combinations of its inputs as a #DataFrame
It can also produce a #LazyFrame for streaming extra-big tables to disk
Just published version 1.16.6 of The Pdfalyzer, the surprisingly popular tool for analyzing (possibly malicious) PDFs I created after my own unpleasant encounter with such a creature. Includes a (kind of janky) #YARA rule for #GIFTEDCROOK infostealer PDFs.
* GitHub: https://github.com/michelcrypt4d4mus/pdfalyzer
* PyPI: https://pypi.org/project/pdfalyzer/
* Homebrew: https://formulae.brew.sh/formula/pdfalyzer
PyPI Malware Exploits Instagram Growth Tools to Harvest Credentials
Pulse ID: 68496f698c9d93ca338f0790
Pulse Link: https://otx.alienvault.com/pulse/68496f698c9d93ca338f0790
Pulse Author: cryptocti
Created: 2025-06-11 11:58:33
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
Malicious #PyPI, #npm and #Ruby packages have been found in ongoing attacks on the open-source #supplychain
https://blogs.masterhacks.net/noticias/hacking-y-ciberdelitos/paquetes-maliciosos-de-pypi-npm-y-ruby-se-encontraron-en-ataques-continuos-a-la-cadena-de-suministro-de-codigo-abierto/
You want to use a #StaticSiteGenerator and need to support #multilingual sites? It’s now easier than ever! For quite a while, #Pelican had a great plugin for that use case. Now I helped migrate it to the new plugin format, which means that it can easily be installed from #PyPI. https://github.com/pelican-plugins/i18n-subsites #MultilingualDH #MinimalComputing
PyPI Supply Chain Attack Uncovered: Colorama and Colorizr Name Confusion
A malicious package campaign targeting Python and NPM users on Windows and Linux has been discovered. The attack uses typo-squatting and name-confusion tactics against the popular colorama Python package and the similar colorizr JavaScript package. Multiple packages with risky payloads were uploaded to PyPI, using names similar to legitimate packages in both PyPI and NPM. The unusual tactic of using an NPM package name to attack PyPI users was observed. The payloads allow remote access, control of desktops and servers, and exfiltration of sensitive data. Windows payloads attempt to bypass antivirus protection. The campaign's sophistication suggests targeted adversarial activity, although attribution remains unclear.
Pulse ID: 683e1f7f063d60138cc2ccf6
Pulse Link: https://otx.alienvault.com/pulse/683e1f7f063d60138cc2ccf6
Pulse Author: AlienVault
Created: 2025-06-02 22:02:39
Backdoors in Python and NPM Packages Target Windows and Linux – Source:hackread.com https://ciso2ciso.com/backdoors-in-python-and-npm-packages-target-windows-and-linux-sourcehackread-com/ #1CyberSecurityNewsPost #CyberSecurityNews #cybersecurity #CyberAttack #SupplyChain #Hackread #security #malware #Windows #Python #Linux #PyPI #NPM
Backdoors in Python and NPM Packages Target Windows and Linux https://hackread.com/backdoors-python-npm-packages-windows-linux/ #Cybersecurity #CyberAttack #SupplyChain #Security #Malware #Windows #Python #Linux #PyPI #NPM
@brunopostle I don't know about the relevance of #gbXML, besides it being used by #energyplus / #OpenStudio. From the thesis of MGVisschers, I get the impression that the format is supposed by all building energy simulation software. And I've seen there is already a well developed gbxml package on #pypi. To me, it seems obvious there should be a developed package for conversion between #IFC and gbxml.