Python-Security

2 posts

BadHost Breaks Into FastAPI and vLLM With a Single Character

May 27, 2026

BadHost is one character in an HTTP header that bypasses authentication on FastAPI, vLLM, LiteLLM, and the Python MCP SDK. They all run on Starlette. Starlette …

How TeamPCP Poisoned Six Python Packages and Breached Over 1000 Organizations in Five Weeks

April 23, 2026

A group of attackers has been quietly poisoning Python packages for five weeks straight. They have exfiltrated data from over 500,000 infected machines, hit …