Lucene search
K

5 matches found

OSV
OSV
added yesterday4 views

MAL-2026-6929 Malicious code in paysafe-sdk (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ae864f77805fa7e1facccf45d1af67d37603c5a085f55d733d9d3eb8cf4d26c8 When using a provided class, the code exfiltrates basic data and parts of sensitive env variables to a remote host. --- Category: MALICIOUS - The campaign has...

6.1AI score
Exploits0References2
OSV
OSV
added yesterday4 views

MAL-2026-6927 Malicious code in paysafe-kyc (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 7089650efc5360b819e8831801bcedf6489945f5b563729e99f036461bd59092 When using a provided class, the code exfiltrates basic data and parts of sensitive env variables to a remote host. --- Category: MALICIOUS - The campaign has...

6.1AI score
Exploits0References2
OSV
OSV
added 2026/05/01 9:3 p.m.12 views

MAL-2026-3220 Malicious code in py-clob-clients (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 7136140b365c314a42f5efe300779f093c40a41fb5c2258c7f5ff05c88eba2f8 Package exfiltrates env variables from .env files. It's a typosquatting of a legitimate package and is used in a malicious GitHub repository --- Category:...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/29 8:58 a.m.8 views

Malicious code in amazon-boto (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 649bb559f3078565515a9fee16dbe78e0d1b5575943cbaf020135f8e70e2f17d When using the package, the given AWS credentials are silently exfiltrated to a hardcoded location. This incarnation of the long-running campaign was first...

5.3AI score
Exploits0References1
OSV
OSV
added 2025/02/25 6:18 p.m.5 views

MAL-2025-191687 Malicious code in awscloud-clients-core (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e27bf5713a8bafdbcc34c43b98cc4d5e9c5d03e4952f788b12ff9749081b22d2 This campaign is built from two parts: 1 packages named like time-check-server, snapshot-photo contain an innocent-looking code that sends "date" to a remote...

7.2AI score
Exploits0References4
Rows per page
Query Builder