Lucene search

10272 matches found

OSV
added 2025/01/14 4:53 p.m., 1 view

MAL-2025-2941 Malicious code in awsgluedq (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 da16cd67a3672f17d5cce10c5626cf682be33e63db5ca04db645b975afc9bea1 This is a couple of packages with names appearing to be a library for an AWS or other service. Their only behaviour is to call home on installation or import -...

AI score: 6.8
Exploits: 0, References: 1
OSV
added 2025/01/10 1:24 a.m., 2 views

MAL-2025-938 Malicious code in just-test-framework (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ab2d45d38003a542b3db3afaf891f8269c46e7ac1c342c06148f8859a03bc00e Importing the module exfiltrates basic information using DNS queries. There is no other purpose of the package. --- Category: PROBABLYPENTEST - Packages lookin...

AI score: 6.9
Exploits: 0, References: 1
OSV
added 2025/01/02 11:2 p.m., 3 views

MAL-2025-49 Malicious code in ilovenyxxbait (PyPI)

The package acts as an infostealer, exfiltrating sensitive files and credentials from browser databases via Telegram...

AI score: 7
Exploits: 0
OSV
added 2024/12/26 12:24 p.m., 2 views

MAL-2025-990 Malicious code in syscontrol (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2c413668a48a55dfe9f01e94c01fcfa37b26660436d8281a4075884b1cadd06e Importing the module starts downloading and executing an Infostealer targeting browsers' and Discord data. In first packages, there was a hidden line triggering...

AI score: 6.9
Exploits: 0, References: 1
OSV
added 2024/12/24 6:9 p.m., 3 views

MAL-2025-925 Malicious code in fkask (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d3bbbce78f8816ead148780776c4371cdd08775ee74639fea33b9598f8bb4b2b Importing the module downloads and starts an infostealer attempting to exfiltrate data and establishing persistence through autorun directory. --- Category:...

AI score: 6.9
Exploits: 0, References: 3
OSV
added 2024/12/24 6:9 p.m., 2 views

MAL-2025-968 Malicious code in reqeuts (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 7f01ab0a32efcdc5ca1ef531f49392818b05b088503759e97611a529f61c37e5 Importing the module downloads and starts an infostealer attempting to exfiltrate data and establishing persistence through autorun directory. --- Category:...

AI score: 6.9
Exploits: 0, References: 3
OSV
added 2024/12/17 7:42 p.m., 2 views

MAL-2025-999 Malicious code in utilitypyfunc (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2aaf64ae76493cf55c8b9e418bc3408f9e309b5c6a590a2ad528beb5ae8dbcc0 Importing the package starts the thread that gets and executes code from the remote server. The package description suggests a rather spam than malicious...

AI score: 7.5
Exploits: 0, References: 1
OSV
added 2024/12/17 7:4 p.m., 1 view

MAL-2025-919 Malicious code in discordbotpresence (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 feb07b6deb53d133f7121c755a98920d1753dd75c4099e51e4dcb84d650d84fa Package clones another package and hides a code to download and run a malicious exe file an infostealer with high VT detection --- Category: MALICIOUS - The...

AI score: 7.1
Exploits: 0, References: 2
OSV
added 2024/12/16 10:40 a.m., 1 view

MAL-2025-940 Malicious code in lan-clean (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b77907fa5398dac2959c2fa6cc7ab1c451a318803ca9efb40ea52487080609c3 During installation, the package collects quite extensive information about the host and has no other purpose. To avoid detection, the real code is put in a ZI...

AI score: 7.3
Exploits: 0, References: 1
OSV
added 2024/12/16 10:40 a.m., 2 views

MAL-2025-942 Malicious code in langer-updater (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 1d2e888da57bf1c53e73ed2092516a44aaf46e4876619d129b7e3e4966dfc71e During installation, the package collects quite extensive information about the host and has no other purpose. To avoid detection, the real code is put in a ZI...

AI score: 7.3
Exploits: 0, References: 1
OSSF Malicious Packages
added 2024/12/14 4:26 p.m., 3 views

Malicious code in rwoka (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 601385385b682f6bdaa31c763e64c5fafb16f22df60acd266c9c7f23f73208ee The package contains highly obfuscated content, that install another, downloaded from a remote location obfuscated script in the installation path of the...

AI score: 7.2
Exploits: 0, References: 1
OSV
added 2024/12/14 4:26 p.m., 1 view

MAL-2024-12342 Malicious code in rwoka (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 601385385b682f6bdaa31c763e64c5fafb16f22df60acd266c9c7f23f73208ee The package contains highly obfuscated content, that install another, downloaded from a remote location obfuscated script in the installation path of the...

AI score: 7.1
Exploits: 0, References: 1
OSV
added 2024/12/12 9:48 p.m., 2 views

MAL-2025-961 Malicious code in python-bitget-connect (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 1797b7fdf9859888b5495817784ead0bdc01e6acad5ae410af1e1df89acbded6 Importing the module starts an obfuscated PowerShell code, which downloads and executes a remote script. On Windows, the script appears to just start the...

AI score: 7
Exploits: 0, References: 2
OSV
added 2024/12/12 9:48 p.m., 1 view

MAL-2025-962 Malicious code in python-bitget-request (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 bf787bcce66ad47046d93086a114a0f144b0f538b3d969fea6aea42b2312f58b Importing the module starts an obfuscated PowerShell code, which downloads and executes a remote script. On Windows, the script appears to just start the...

AI score: 7
Exploits: 0, References: 2
OSV
added 2024/12/12 9:48 p.m., 2 views

MAL-2025-963 Malicious code in python-bitget-wrapper (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 769187e87797e69e9ebfc00eb97274a91fea1c86b1472b4ef6436441f737c8b9 Importing the module starts an obfuscated PowerShell code, which downloads and executes a remote script. On Windows, the script appears to just start the...

AI score: 7
Exploits: 0, References: 2
vulnersOsv
added 2024/12/11 6:42 p.m., 5 views

aiogithubapi (=23.11.0), pypi-attestation-models (>=0.0.1 <=0.0.5) +2 more potentially affected by CVE-2024-55655 via sigstore (>=2.0.0rc3 <=3.5.6)

sigstore PYPI version =2.0.0rc3, =0.0.1, =0.0.6, =0.1.0, =0.14.0 Source cves: CVE-2024-55655 Source advisory: OSV:GHSA-HHFG-FWRW-87W7...

CVSS: 6.9, AI score: 5.8, EPSS: 0.00096
Exploits: 0
vulnersOsv
added 2024/12/10 11:44 p.m., 3 views

aiogithubapi (=23.11.0), pypi-attestation-models (>=0.0.1 <=0.0.5) +2 more potentially affected by CVE-2024-55655 via sigstore (>=2.0.0rc3 <=3.5.6)

sigstore PYPI version =2.0.0rc3, =0.0.1, =0.0.6, =0.1.0, =0.14.0 Source cves: CVE-2024-55655 Source advisory: SNYK:PYTHON-SIGSTORE-8496397...

CVSS: 6.9, AI score: 5.8, EPSS: 0.00096
Exploits: 0
OSV
added 2024/12/10 7:43 p.m., 7 views

PYSEC-2024-154 A number of releases of ultralytics contained malicious crypto miner software.

Ultralytics has identified a supply chain attack affecting multiple versions of the ultralytics package. The compromised versions contained unauthorized code that downloaded and executed cryptocurrency mining software when instantiating YOLO models. This code was injected into the PyPI...

CVSS: 8.7, AI score: 7.3
Exploits: 0, References: 7
Wiz blog
added 2024/12/09 3:56 p.m., 13 views

Ultralytics AI Library Hacked via GitHub for Cryptomining

A supply chain attack on Ultralytics exploited GitHub Actions to inject malicious PyPI packages. Discover how it unfolded and the steps to mitigate the risk...

AI score: 7.2
Exploits: 0
OSV
added 2024/12/09 6:51 a.m., 3 views

MAL-2024-11735 Malicious code in unzipxz (PyPI)

--- -= Per source details. Do not edit below this line.=-...

AI score: 7.1
Exploits: 0