Cybersecurity researchers have discovered vulnerable code in legacy Python packages that could potentially pave the way for a supply chain compromise on the Python Package Index (PyPI) via a domain takeover attack.
Software supply chain security company ReversingLabs said it found the „vulnerability“ in bootstrap files provided by a build and deployment automation tool named „zc.buildout.“
„The
https://thehackernews.com/2025/11/legacy-python-bootstrap-scripts-create.html