87 matches found
Malicious code in coolbox (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c55bfdad112134e980af7568a9138be1e4b940f7bfbeebad2b0f85d9337a0f44 The wheel installs coolbox-setup.pth, a Python path-configuration file that Python auto-loads at every interpreter startup any python invocation...
Malicious code in ppkt2synergy (PyPI)
The package ppkt2synergy version 0.1.1 contains a malicious .pth file ppkt2synergy-setup.pth that executes a Bun-based credential stealer on every Python startup via CPython's site.py exec mechanism. The payload downloads the Bun runtime from the official GitHub release page, then runs an...
Malicious code in bramin (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1fb2ac40fcb4626c5e7dea5e26951bc0965b39a1eb721c1a8f23846f421a5827 bramin ships a bramin-setup.pth file that Python auto-executes at every interpreter startup system-wide, not only when bramin is imported. The.pth...
Malicious code in orchestr8-platform (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7d9526ae43236ac15964b307175384455975ace26d8157ef3c41ed8db8192562 The package was found to contain malicious code or consuming dependency that contains malicious code Source: kam193...
Malicious code in pyphetools (PyPI)
The package pyphetools version 0.9.120 contains a malicious .pth file pyphetools-setup.pth that executes a Bun-based credential stealer on every Python startup via CPython's site.py exec mechanism. The payload downloads the Bun runtime from the official GitHub release page, then runs an obfuscate...
Malicious code in mem8 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5c765c6eef25d18c5a10057d62908ac3bc1ece86e39a9807683834fb7f896b52 The package was found to contain malicious code or consuming dependency that contains malicious code Source: kam193...
MAL-2026-5321 Malicious code in orchestr8-platform (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7d9526ae43236ac15964b307175384455975ace26d8157ef3c41ed8db8192562 The package was found to contain malicious code or consuming dependency that contains malicious code Source: kam193...
MAL-2026-5323 Malicious code in ppkt2synergy (PyPI)
The package ppkt2synergy version 0.1.1 contains a malicious .pth file ppkt2synergy-setup.pth that executes a Bun-based credential stealer on every Python startup via CPython's site.py exec mechanism. The payload downloads the Bun runtime from the official GitHub release page, then runs an...
MAL-2026-5278 Malicious code in spateo-release (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 21400e8510d0663de6c3a4454fe99d9200cb83ae8d1ecdc137c99f3668da4293 Versions 1.1.2 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed using B...
MAL-2026-5282 Malicious code in mrbios (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8d1c97dced5d8f917e2e9901e0ed99fb0034bfafb5a3d46ad47eeba76a883c57 The package installs mrbios-setup.pth into site-packages. Python auto-loads.pth files at every interpreter startup, so the contained payload runs...
MAL-2026-5300 Malicious code in funcdesc (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4a5756a79331cdda67721e39889609f5c0b5e342b678dbce2de97c94ec2dbe29 The package installs funcdesc-setup.pth, which Python auto-executes at interpreter startup for any environment where this package is installed. The.p...
MAL-2026-5298 Malicious code in executor-engine (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7fee580000475783e657a2e66ca6a4a4bd4369aa0bc9f87152b003dca6f34848 executor-engine 0.3.4 ships a malicious site-packages.pth file executorengine-setup.pth that Python's site initialization auto-executes on every...
MAL-2026-5295 Malicious code in coolbox (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c55bfdad112134e980af7568a9138be1e4b940f7bfbeebad2b0f85d9337a0f44 The wheel installs coolbox-setup.pth, a Python path-configuration file that Python auto-loads at every interpreter startup any python invocation...
Malicious code in @redhat-cloud-services/host-inventory-client (npm)
Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...
Malicious code in @redhat-cloud-services/hcc-pf-mcp (npm)
Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...
Malicious code in @redhat-cloud-services/insights-client (npm)
Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...
Malicious code in @redhat-cloud-services/remediations-client (npm)
Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...
MAL-2026-5141 Malicious code in @redhat-cloud-services/host-inventory-client (npm)
Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...
MAL-2026-5142 Malicious code in @redhat-cloud-services/insights-client (npm)
Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...
MAL-2026-5143 Malicious code in @redhat-cloud-services/javascript-clients-shared (npm)
Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...