20 matches found
MAL-2026-3364 Malicious code in quicklytookerv (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 eeb02e3ddf9f61661d72bac1e244227aa8b6a8a88ab1226a521cc7aa48d5da37 The package silently exfiltrates screenshots and basic data. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...
MAL-2026-2541 Malicious code in gd-auth-sso (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 8f23b8545f85df66640646272b028ab4db1032fcb4fd5bbd745971b3438cc4f1 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in magtape (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 6f476b63043b398a38eb28706575478aab4fb04820ce16d7836e726df21a1a93 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in mattermost-data-warehouse (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 50f2483a1650869326d4fddf7bf66bc1dc6e6d614300cf8b41577595ded48165 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2026-1351 Malicious code in faaladorcli (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 b0c3b79e20d5c0305695699a443c35baf74deda90bad7263cd0b3f9bd3613572 During installation or import, the package exfiltrates basic information in a dependency confusion attempt. The user identifies themselves as a HackerOne user...
CVE-2026-20057
Multiple Cisco products are affected by a vulnerability in the Snort 3 Visual Basic for Applications (VBA) feature which could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to crash. This vulnerability is due to lack of proper error checking when decompressing VBA...
CVE-2026-20054 Cisco Secure Firewall Threat Defense Software Snort 3 Visual Basic for Application Infinite Loop Denial of Service Vulnerability
Multiple Cisco products are affected by a vulnerability in the Snort 3 VBA feature that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to crash. This vulnerability is due to improper error checking when decompressing VBA data. An attacker could exploit this...
Malicious code in scraper-npm (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 5705e85e8288aeffbfe964329624dcbb5b2e30cebb0023da5b605ee5fb0aef4e During import, the package exfiltrates files (especially .env and JSON) and eventually configures a backdoor by adding its own SSH key to the authorized_keys. ---...
Malicious code in rzr-home (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 14fb9c76cd89c8c46f6d961d450c57fcc5f454cd3ce67a53a1868ba36f66fec1 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in credit-decision-metrics (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 4a0320017dad96c95d4741c311ead566b7d6bea0c7ffdceea82b435ce74a40de Obfuscated code is used to hide exfiltration of basic data (hostname, etc.). --- Category: PROBABLYPENTEST - Packages looking like typical pentest packages, but...
MAL-2026-352 Malicious code in medifile (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 5c005d95a9b1b91118e9306168ce69163190184714fe53c65b7ba716e867c8da Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2025-191932 Malicious code in win32con (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 b4e7d7a177e3531b4a2566e3c5d1796c1bf18c922bda8943d13e92ef33044141 While described as telemetry, importing the package attempts to send out some basic info as well as quite sensitive environmental variables. --- Category:...
MAL-2025-191884 Malicious code in tableausdk (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 2facdadd713d6c1751cf3c2ca1e5e76f1cb367c5d30c3f06fe73808c6a08fca3 While described as telemetry, importing the package attempts to send out some basic info as well as quite sensitive environmental variables. --- Category:...
Malicious code in basic-data-router (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1226e5e77825d2e5d196dbb1155230067191bfad4c3777ba65b50ab5a95dc9e7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-1573 Malicious code in basic-data-router (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1226e5e77825d2e5d196dbb1155230067191bfad4c3777ba65b50ab5a95dc9e7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-191770 Malicious code in just-framework (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 95cb11d9c49d15c2a3d932930ab9d4f1567e118bf2ed951ab313856878f88859 Importing the module exfiltrates basic information using DNS queries. There is no other purpose of the package. --- Category: PROBABLYPENTEST - Packages lookin...
Malicious code in bytekafka-0-0-15 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 4619fa745296f46998d4eb4e25a7f4841bdd8634ead366c63521d25abf739a7e A campaign of probably pentest packages flooding PyPI. Installing the package or importing the module triggers reporting basic info like hostname, path and the...
Malicious code in ttat-api (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 171a49cab7c7b9f2c358c0e14882706dcd80cde089799698400155ee26240e80 Collects basic information about the system, most probably a pentest or bug bounty. --- Category: PROBABLYPENTEST - Packages looking like typical pentest...
Malicious code in advdef01 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 44ffce32113cbe3c908fd584f4b02617cafcfecccc3cea1c4fc068021c4bfa7d Package uses the template from https://github.com/thegoodhackertv/malpip to explore building malicious PyPI packages. --- Category: MALICIOUS - The campaign ha...
Malicious code in manoj3121pip (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 ca36f3207b39f83d096054f521bd3dbbedf899c5f9d9e0fa494b6c216b56d481 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...