cpython: CPython: Logging Bypass in Legacy .pyc File Handling

A flaw was found in CPython. This vulnerability allows a local user with low privileges to bypass security auditing mechanisms. The issue occurs because the SourcelessFileLoader component, responsible for handling older Python compiled files .pyc, does not properly trigger system audit events. Th...

ONNX: External Data Symlink Traversal

Summary - Issue: Symlink traversal in external data loading allows reading files outside the model directory. - Affected code: onnx/onnx/checker.cc: resolveexternaldatalocation used via Python onnx.externaldatahelper.loadexternaldataformodel. - Impact: Arbitrary file read confidentiality breach...

Multi‑Layer Encrypted Python Payload Loader AES‑GCM + XOR + Zlib

This Python script acts as a loader that decrypts and executes a protected Python payload using multiple cryptographic and obfuscation layers. The program first requests a password from the user and derives a 256‑bit encryption key using PBKDF2 with a fixed salt salt123. The encrypted payload is...

Linux Distros Unpatched Vulnerability : CVE-2026-2297

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The import hook in CPython that handles legacy .pyc files SourcelessFileLoader is incorrectly handled in FileLoader a base class and so does not use io.opencode...

AZL-79491 CVE-2026-2297 affecting package tensorflow 2.16.1-11

The import hook in CPython that handles legacy .pyc files SourcelessFileLoader is incorrectly handled in FileLoader a base class and so does not use io.opencode to read the .pyc files. sys.audit handlers for this audit event therefore do not fire...

CastleLoader Malware Now Uses Python Loader to Bypass Security

Cybersecurity researchers at Blackpoint Cyber discovered a new, evasive CastleLoader malware variant using Python and ClickFix social engineering to deliver RATs and info-stealers directly from memory...