腾讯网

PyInstaller工具漏洞预警,可致攻击者执行任意Python代码

PyInstaller项目近日发布补丁,修复了一个影响6.0.0之前版本打包应用程序的本地权限提升漏洞(CVE-2025-59042,CVSS评分7.0)。该漏洞可能导致攻击者在PyInstaller冻结应用的引导过程中执行任意代码。 技术原理 PyInstaller通过打包解释器和依赖项将Python应用程序转换为 ...
InfoWorld

How to use PyInstaller to create Python executables

Powerful and versatile as it is, Python lacks a few key capabilities out of the box. For one, there is no native mechanism for compiling a Python program into a standalone executable package. To be ...
CSOonline

Typo hackers sneak cross-platform credential stealer into 10 npm packages

The typosquatted packages auto-execute on installation, fingerprint victims by IP, and deploy a PyInstaller binary to harvest credentials from browsers, SSH keys, API tokens, and cloud configuration ...