Hackers Use PyInstaller and AMSI Patching to Deliver XWorm RAT v7.4

Hackers are hiding XWorm malware in PyInstaller files to bypass Windows security, steal data and remotely control devices through ads...

Malicious code in polyutil (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 31a0fc68eee0841a78740fd3e3748171612b871b58bf9f3e52b4fa35bed64774 The package is prepared to download a hardcoded executable and save it in %LOCALAPPDATA% under a very generic name, clearly aiming to hide its existence. Code ...

Malicious code in polyclawd (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 1f994af0e1b17c0d30e950a5aef9a45d8e34f6f59ab45fadddb05b340ed5cdad The package is prepared to download a hardcoded executable and save it in %LOCALAPPDATA% under a very generic name, clearly aiming to hide its existence. Code ...

MAL-2026-927 Malicious code in polyclawd (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 1f994af0e1b17c0d30e950a5aef9a45d8e34f6f59ab45fadddb05b340ed5cdad The package is prepared to download a hardcoded executable and save it in %LOCALAPPDATA% under a very generic name, clearly aiming to hide its existence. Code ...

Malicious code in clawdist (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3008887b6c2929530cd48dc996c91d70eb92432465d02f4ff28e6d5927350097 The package is prepared to download a hardcoded executable and save it in %LOCALAPPDATA% under a very generic name, clearly aiming to hide its existence. Code ...

CVE-2019-16784

In PyInstaller before version 3.6, only on Windows, a local privilege escalation vulnerability is present in this particular case: If a software using PyInstaller in "onefile" mode is launched by a privileged user at least more than the current one which have his "TempPath" resolving to a world...

New VVS Stealer Malware Targets Discord Accounts via Obfuscated Python Code

Cybersecurity researchers have disclosed details of a new Python-based information stealer called VVS Stealer also styled as VVS $tealer that's capable of harvesting Discord credentials and tokens. The stealer is said to have been on sale on Telegram as far back as April 2025, according to a repo...

10 npm Packages Caught Stealing Developer Credentials on Windows, macOS, and Linux

Cybersecurity researchers have discovered a set of 10 malicious npm packages that are designed to deliver an information stealer targeting Windows, Linux, and macOS systems. "The malware uses four layers of obfuscation to hide its payload, displays a fake CAPTCHA to appear legitimate, fingerprint...

Privilege Escalation

PyInstaller is vulnerable to Privilege Escalation. The vulnerability is due to the bootstrap process appending a special entry to sys.path and attempting to load an optional bytecode-decryption module while that entry is present, which allows an attacker who can create files/directories next to t...

EUVD-2020-0155

Malware in sbrugna...

EUVD-2023-0216

Malicious code in bioql PyPI...

Important Photon OS Security Update - PHSA-2025-5.0-0634

Updates of 'python3-pyinstaller' packages of Photon OS have been released...

OESA-2025-2324 python-pyinstaller security update

PyInstaller bundles a Python application and all its dependencies into a single package. The user can run the packaged app without installing a Python interpreter or any modules. Security Fixes: Due to a special entry being appended to sys.path during the bootstrap process of a PyInstaller-frozen...

OESA-2025-2323 python-pyinstaller security update

PyInstaller bundles a Python application and all its dependencies into a single package. The user can run the packaged app without installing a Python interpreter or any modules. Security Fixes: Due to a special entry being appended to sys.path during the bootstrap process of a PyInstaller-frozen...

OESA-2025-2322 python-pyinstaller security update

PyInstaller bundles a Python application and all its dependencies into a single package. The user can run the packaged app without installing a Python interpreter or any modules. Security Fixes: Due to a special entry being appended to sys.path during the bootstrap process of a PyInstaller-frozen...

Important Photon OS Security Update - PHSA-2025-4.0-0877

Updates of 'python3-pyinstaller' packages of Photon OS have been released...

CVE-2025-59042

PyInstaller bundles a Python application and all its dependencies into a single package. Due to a special entry being appended to sys.path during the bootstrap process of a PyInstaller-frozen application, and due to the bootstrap script attempting to load an optional module for bytecode decryptio...

SUSE CVE-2025-59042

PyInstaller bundles a Python application and all its dependencies into a single package. Due to a special entry being appended to sys.path during the bootstrap process of a PyInstaller-frozen application, and due to the bootstrap script attempting to load an optional module for bytecode decryptio...

ak-frame-extractor (>=1.0.0 <=1.3.0), ak-video-analyser (=0.0.2) +111 more potentially affected by CVE-2025-59042 via pyinstaller (>=3.0.0 <=5.9.0)

pyinstaller PYPI version =3.0.0, =1.0.0, =0.2.4, =0.1.0, =0.2.0, =0.0.25, =0.1.0, =0.1.0, =0.99.6.2, =0.1.0, =0.3.0, =0.6.0 and more Source cves: CVE-2025-59042 Source advisory: OSV:GHSA-P2XP-XX3R-MFFC...

PyInstaller has local privilege escalation vulnerability

Impact Due to a special entry being appended to sys.path during the bootstrap process of a PyInstaller-frozen application, and due to the bootstrap script attempting to load an optional module for bytecode decryption while this entry is still present in sys.path, an application built with...