Malicious code in system-integration-toxi (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 096a1a342309a85666ad92b45da1da18ca808e16c93819a3122b2c6bbc2a15d6 During importing the module, code downloads and executes a remote script. During the analysis of this package, the code was a placeholder, but the package is...

Malicious code in system-integration (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 106aadf74e260c98fb25e21fc8ff5bea93798cc75117200447687debe7f9fba2 When importing the module, code downloads and executes a highly obfuscated remote script. --- Category: MALICIOUS - The campaign has clearly malicious intent,...

MAL-2026-499 Malicious code in system-integration (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 106aadf74e260c98fb25e21fc8ff5bea93798cc75117200447687debe7f9fba2 When importing the module, code downloads and executes a highly obfuscated remote script. --- Category: MALICIOUS - The campaign has clearly malicious intent,...

MAL-2026-492 Malicious code in tableates (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c69d9a3e244227f4e4146b60829ead907656c47989b3b83e1e5f56a2c06064ff Packages contain hidden code that is effectively run during importing or using the library, and downloads second stage code. Then, a process running in...

Malicious code in tableates (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c69d9a3e244227f4e4146b60829ead907656c47989b3b83e1e5f56a2c06064ff Packages contain hidden code that is effectively run during importing or using the library, and downloads second stage code. Then, a process running in...

CVE-2026-0788

ALGO 8180 IP Audio Alerter Web UI Persistent Cross-Site Scripting Vulnerability. This vulnerability allows remote attackers to execute web requests with a target user's privileges on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is not required to exploit this...

Malicious code in urlsssser (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 242b446cd6cce908f668bfc1b199aa8f54a9ee1138b399ea6012f3b2bd2624e8 Package does not contain malicious code, but was published as a part of the malicious campaign and is used during further infection stages --- Category:...

Malicious code in urlsser (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c4f6d5a2656d3741fd7a1a4c50a9d3332a09874ef7c46713d0ad5e36478a063e This package does not directly contain malicious code, but was uploaded as part of the malicious campaign and is used as a helper in further infection stages...

MAL-2026-468 Malicious code in urlsser (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c4f6d5a2656d3741fd7a1a4c50a9d3332a09874ef7c46713d0ad5e36478a063e This package does not directly contain malicious code, but was uploaded as part of the malicious campaign and is used as a helper in further infection stages...

MAL-2026-351 Malicious code in nanoinstaller (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 9f6ea4dd9867e528445ba01d2ceed3638e6178b2a940a2598c0f89eca5795802 Package is designed to download and execute a remote script, which then downloads and runs a malicious executable --- Category: MALICIOUS - The campaign has...

Malicious code in nanoinstaller (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 9f6ea4dd9867e528445ba01d2ceed3638e6178b2a940a2598c0f89eca5795802 Package is designed to download and execute a remote script, which then downloads and runs a malicious executable --- Category: MALICIOUS - The campaign has...

MAL-2026-350 Malicious code in bnanainstaller (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 fa730f845044e96bb14f1b7245d35b819dc8a9ddeef07c952c22e65f85c0a459 Package is designed to download and execute a remote script, which then downloads and runs a malicious executable --- Category: MALICIOUS - The campaign has...

Malicious code in bnanainstaller (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 fa730f845044e96bb14f1b7245d35b819dc8a9ddeef07c952c22e65f85c0a459 Package is designed to download and execute a remote script, which then downloads and runs a malicious executable --- Category: MALICIOUS - The campaign has...

MAL-2026-326 Malicious code in urlssser (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4a59189804dc7b527969a4ed7e4d95fac2b98812c309142270b27cdca47729be This package does not directly contain malicious code, but was uploaded as part of the malicious campaign and is used as a helper in further infection stages...

Malicious code in urlssser (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4a59189804dc7b527969a4ed7e4d95fac2b98812c309142270b27cdca47729be This package does not directly contain malicious code, but was uploaded as part of the malicious campaign and is used as a helper in further infection stages...

Malicious code in marshel (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d1b25f97e5a657b33bb26f2ccdfbdb55e459274a4cb3e19e38d3f04ba6ea3583 The package, distinguished as a speed testing or typosquatted Telegram library, contains a Telegram bot to perform remote control of the computer --- Category:...

MAL-2026-325 Malicious code in marshel (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d1b25f97e5a657b33bb26f2ccdfbdb55e459274a4cb3e19e38d3f04ba6ea3583 The package, distinguished as a speed testing or typosquatted Telegram library, contains a Telegram bot to perform remote control of the computer --- Category:...

CVE-2025-15265

A flaw was found in Svelte. A remote attacker can exploit this Cross-Site Scripting XSS vulnerability during asynchronous hydration by providing specially crafted input. This input, when processed, allows for the injection of arbitrary JavaScript into a user's browser due to improper escaping of...

CVE-2025-15265

An SSR XSS exists in async hydration when attacker‑controlled keys are passed to hydratable. The key is embedded inside a to terminate the script and inject arbitrary JavaScript. This enables remote script execution in users' browsers, with potential for session theft and account compromise. This...

Malicious code in haqawi (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 6c55dd7769c6bf39fd838af80c68669f79339abce1333cd421d9477144d7fde4 Package is designed to download and execute a remote script, which then downloads and runs a malicious executable --- Category: MALICIOUS - The campaign has...