It's a really good article, and apologies to the author for nitpicking, but even as a bona fide Python fanboy I had to raise my eyebrows at this statement:
> Some programming languages, like Python, come with an easy, more or less official method of installing dependencies for your projects.
I mean, have you ever used a language like Java? Python has a bad package manager story, sure, but it has a package manager story - that's not actually particularly global afaik
It's amazing that such a simple vulnerability can be leveraged in practice to gain access to so many machines in so many different organizations. Props to the researcher!