10272 matches found

Vulnrichment
added 2025/02/26 2:51 p.m. | 13 views

CVE-2025-1716 picklescan - Security scanning bypass via 'pip main'

picklescan before 0.0.21 does not treat 'pip' as an unsafe global. An attacker could craft a malicious model that uses Pickle to pull in a malicious PyPI package hosted, for example, on pypi.org or GitHub via pip.main. Because pip is not a restricted global, the model, when scanned with picklesca...

CVSS: 5.3 | AI score: 6.4 | EPSS: 0.16248
Exploits: 2 | References: 3

OSSF Malicious Packages
added 2025/02/25 6:18 p.m. | 3 views

Malicious code in time-server-analyzer (PyPI)

Source: kam193 95abdeda4b05cb93bb442d77d1b339498503b1fddb72e3579359f39c5952513b This campaign is built from two parts: 1. packages named like time-check-server, snapshot-photo contain innocent-looking code that sends "date" to a remote...

AI score: 7.2
Exploits: 0 | References: 4

OSSF Malicious Packages
added 2025/02/25 6:18 p.m. | 3 views

Malicious code in time-check-server-get (PyPI)

Source: kam193 25b39f6b89687636c8f9e90e3c326bcfb64ecbfa2594850247d4d2e9646b9257 This campaign is built from two parts: 1. packages named like time-check-server, snapshot-photo contain innocent-looking code that sends "date" to a remote...

AI score: 7.2
Exploits: 0 | References: 4

OSV
added 2025/02/25 6:18 p.m. | 1 view

MAL-2025-191900 Malicious code in time-check-server (PyPI)

Source: kam193 a5da6618a6f04ceb52acd56bc78e318cb7fbffa07ef3acc041729afe52428c44 This campaign is built from two parts: 1. packages named like time-check-server, snapshot-photo contain innocent-looking code that sends "date" to a remote...

AI score: 7.2
Exploits: 0 | References: 4

OSV
added 2025/02/25 6:18 p.m. | 1 view

MAL-2025-191886 Malicious code in tclients-sdk (PyPI)

Source: kam193 7e1b954f34e0b9f14cca18b47f856a049c06e3503f3186ec2ae4db717a1298a8 This campaign is built from two parts: 1. packages named like time-check-server, snapshot-photo contain innocent-looking code that sends "date" to a remote...

AI score: 7.2
Exploits: 0 | References: 4

OSV
added 2025/02/25 6:18 p.m. | 0 views

MAL-2025-6583 Malicious code in serverkeeper-verifier (PyPI)

Source: kam193 62ec235d314e175928f82504dade8d7f8313bc88707038976e5be6d78709b869 This campaign is built from two parts: 1. packages named like time-check-server, snapshot-photo contain innocent-looking code that sends "date" to a remote...

AI score: 7.2
Exploits: 0 | References: 4

OSSF Malicious Packages
added 2025/02/25 6:18 p.m. | 3 views

Malicious code in amzclients-sdk (PyPI)

Source: kam193 7918a5aab99f521336ce5a17ca3b3dae77256011f91ed8dc22c4d9a38123f539 This campaign is built from two parts: 1. packages named like time-check-server, snapshot-photo contain innocent-looking code that sends "date" to a remote...

AI score: 7.2
Exploits: 0 | References: 4

OSV
added 2025/02/25 6:18 p.m. | 1 view

MAL-2025-3475 Malicious code in timekeeper-verifier (PyPI)

Source: kam193 3a20fe9fed2445d097ddfd628d59e1b8149913aec4915c112cacfa9fb7cdfc6e This campaign is built from two parts: 1. packages named like time-check-server, snapshot-photo contain innocent-looking code that sends "date" to a remote...

AI score: 7.2
Exploits: 0 | References: 4

OSSF Malicious Packages
added 2025/02/25 6:18 p.m. | 3 views

Malicious code in alicloud-client (PyPI)

Source: kam193 6366aa8c2eff918da0f1cc2118a026e749592f71bebbe81215877575b9593c6a This campaign is built from two parts: 1. packages named like time-check-server, snapshot-photo contain innocent-looking code that sends "date" to a remote...

AI score: 7.2
Exploits: 0 | References: 4

OSV
added 2025/02/25 6:18 p.m. | 2 views

MAL-2025-3006 Malicious code in tcloud-python-test (PyPI)

Source: kam193 221affa8a84428ae21f288ce299d114742d269e7bbcbf223a0aa666327fae2c4 This campaign is built from two parts: 1. packages named like time-check-server, snapshot-photo contain innocent-looking code that sends "date" to a remote...

AI score: 7.2
Exploits: 0 | References: 6

OSSF Malicious Packages
added 2025/02/25 6:18 p.m. | 2 views

Malicious code in enumer-iam (PyPI)

Source: kam193 8062489d0fe9ae58c1937e4afba7f0f3adfbd507e07dd81bb9450bf7f58c6943 This campaign is built from two parts: 1. packages named like time-check-server, snapshot-photo contain innocent-looking code that sends "date" to a remote...

AI score: 7.2
Exploits: 0 | References: 4

OSV
added 2025/02/25 6:18 p.m. | 1 view

MAL-2025-191673 Malicious code in acloud-clients (PyPI)

Source: kam193 89813876cca364b0dffda624005d527aa3c9f54ea7ce20af8186faf8f374ba6f This campaign is built from two parts: 1. packages named like time-check-server, snapshot-photo contain innocent-looking code that sends "date" to a remote...

AI score: 7.2
Exploits: 0 | References: 4

OSV
added 2025/02/24 10:6 a.m. | 2 views

MAL-2025-2948 Malicious code in coingenerator (PyPI)

Source: kam193 78810d9638861bd92d3f96d7e29a552a41eb97b69b8deba84892cc7f458fb8c0 Package contains obfuscated code that exfiltrates basic data and awaits commands from the remote server to execute them. This is a malicious copy of...

AI score: 7.5
Exploits: 0 | References: 1

OSV
added 2025/02/24 10:6 a.m. | 2 views

MAL-2025-2947 Malicious code in coinanalyze (PyPI)

Source: kam193 f7faa2aef0e6f2b325d841b405418465db3f0dd601519861d70df45bb4d7adb5 Package contains obfuscated code that exfiltrates basic data and awaits commands from the remote server to execute them. This is a malicious copy of...

AI score: 7.5
Exploits: 0 | References: 1

OSV
added 2025/02/24 10:6 a.m. | 3 views

MAL-2025-3010 Malicious code in transaction-analysis (PyPI)

Source: kam193 49ab525dda997f7abc07f4ef30a62443e40a0f01e218b74d6db9b378fe51f2a4 Package contains obfuscated code that exfiltrates basic data and awaits commands from the remote server to execute them. This is a malicious copy of...

AI score: 7.5
Exploits: 0 | References: 1

OSV
added 2025/02/24 10:6 a.m. | 2 views

MAL-2025-2946 Malicious code in coinanalysis (PyPI)

Source: kam193 786d19aeeea93da949996b447b05122b0750075cb98b943dcb27c0ea622521ea Package contains obfuscated code that exfiltrates basic data and awaits commands from the remote server to execute them. This is a malicious copy of...

AI score: 7.5
Exploits: 0 | References: 1

OSV
added 2025/02/17 10:36 a.m. | 2 views

MAL-2025-3016 Malicious code in web3node (PyPI)

Source: kam193 9f226e2391e0717c113d67f398aae7c36705ffbef3310caebd76a1b8b11f0811 web3socket: In the class there is hidden code that loads binary Python code from a remote location impersonating PyPI GitHub account. web3node: The package ...

AI score: 7.7
Exploits: 0 | References: 2

OSV
added 2025/02/13 1:18 p.m. | 2 views

MAL-2025-3004 Malicious code in systoring (PyPI)

Source: kam193 5be790277882f23120bae2ed3979650349878074f8d3d10f869d726fa106160f Infostealer with multiple possibilities, but not auto-activating on installation. There are already multiple attempts to publish it, with different...

AI score: 7.1
Exploits: 0 | References: 1

OSV
added 2025/02/13 1:18 p.m. | 1 view

MAL-2025-2938 Malicious code in asyncconfigreader (PyPI)

Source: kam193 1c563ba469b1149ae0a06684eb3db69c618ec0780f66670b8183a874ef78d9c3 Infostealer with multiple possibilities, but not auto-activating on installation. There are already multiple attempts to publish it, with different...

AI score: 7.1
Exploits: 0 | References: 1

OSV
added 2025/02/13 1:18 p.m. | 2 views

MAL-2025-3015 Malicious code in watchitoring (PyPI)

Source: kam193 0b2a1b7442e643963d1f4aa3fe8696741f7ed248d39effb173f8d77e37690066 Infostealer with multiple possibilities, but not auto-activating on installation. There are already multiple attempts to publish it, with different...

AI score: 7.1
Exploits: 0 | References: 1