57981 matches found
MAL-2026-5290 Malicious code in cmd2func (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 055d480cc069717b82f618e12d453e7d8dc7d2e83bf77ae25ae23f71e73a1d1a The package installs cmd2func-setup.pth, a.pth file that Python auto-loads at every interpreter start. The single-line payload uses the.pth...
Malicious code in magique-ai (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 6806267ad399a4b51411f5176e26470cccb7803dff5f0f6f1e3dca6e6c82170c Versions 0.4.4, 0.4.5 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed...
Malicious code in mflux-streamlit (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 27ef4c7f33e59dbe037d4b212286dd08cb7b1824c28c0032eb2d91db7a2b0174 Versions 0.0.3, 0.0.4 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed...
Malicious code in uprobe (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 82230ac4ef4464e9696491bf25cfabbd5cff78ab2256f4aa1a0d5ad7456218a8 The package installs uprobe-setup.pth, which Python auto-loads at every interpreter startup in any environment where the wheel is present. The.pth...
Malicious code in dynamo-release (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 a4e35bea632f7363e7a1cc6ccbfb9227eca2c4720b0a689edc1bc3ce64c9d85c Versions 1.5.4 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed using B...
Malicious code in napari-ufish (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 5103d2b75fe554764a66f5e03957c303d4085a7d5133463f58aa0c83a87f5d7d Versions 0.0.2, 0.0.3 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed...
Malicious code in bramin (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1fb2ac40fcb4626c5e7dea5e26951bc0965b39a1eb721c1a8f23846f421a5827 bramin ships a bramin-setup.pth file that Python auto-executes at every interpreter startup system-wide, not only when bramin is imported. The.pth...
Malicious code in executor-http (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cde4da7201fbc0dd3ae09240232f5767c2893e33977d6c8ee9071d15e79f0363 The package ships executorhttp-setup.pth, which Python auto-loads at interpreter start for any environment where the package is installed. The.pth fi...
Malicious code in mrbios (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8d1c97dced5d8f917e2e9901e0ed99fb0034bfafb5a3d46ad47eeba76a883c57 The package installs mrbios-setup.pth into site-packages. Python auto-loads.pth files at every interpreter startup, so the contained payload runs...
Malicious code in synago (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a3e1bae7957cb735edd8424c1d2efe54b597c3a484ba77c9239e9ff8ec06327f The package installs synago-setup.pth, which Python auto-executes on every interpreter startup not only on import synago. The.pth contains an...
Malicious code in coolbox (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c55bfdad112134e980af7568a9138be1e4b940f7bfbeebad2b0f85d9337a0f44 The wheel installs coolbox-setup.pth, a Python path-configuration file that Python auto-loads at every interpreter startup any python invocation...
Malicious code in magique (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 f5d3bf9e3bbd5c258d251ade5a15f3383a47a53ddd399d7cd3db2aee5cec45c4 Versions 0.6.8, 0.6.9 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed...
Malicious code in executor-engine (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7fee580000475783e657a2e66ca6a4a4bd4369aa0bc9f87152b003dca6f34848 executor-engine 0.3.4 ships a malicious site-packages.pth file executorengine-setup.pth that Python's site initialization auto-executes on every...
Malicious code in ensmallen (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 f844af5d6142ffdd36c3697ff26feabb3d79b6f75e5ac403d2ade6460023e04c Versions 0.8.101 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed using...
Malicious code in gpsea (PyPI)
The package gpsea version 0.9.14 contains a malicious .pth file gpsea-setup.pth that executes a Bun-based credential stealer on every Python startup via CPython's site.py exec mechanism. The payload downloads the Bun runtime from the official GitHub release page, then runs an obfuscated JavaScrip...
Malicious code in pyphetools (PyPI)
The package pyphetools version 0.9.120 contains a malicious .pth file pyphetools-setup.pth that executes a Bun-based credential stealer on every Python startup via CPython's site.py exec mechanism. The payload downloads the Bun runtime from the official GitHub release page, then runs an obfuscate...
Malicious code in ray-mcp-server (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 eae739a0cbe63099850e15e7ed9a72efd9d840d8cf003aa8c8dae1bb4c78a716 Versions 0.2.1 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed using B...
Malicious code in langchain-core-mcp (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bd42d83950d8d8fc559905eed104af38cd6c8aef683b96778f0b8d778dd6bd5a Package langchain-core-mcp impersonates the legitimate langchain-core publisher: METADATA sets Project-URL Repository to...
Malicious code in nucbox (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 e98ac1a9b5840905b608a09e8e66c73b750c0baa17d6b7789adfc94a8fd815e4 Versions 0.1.2, 0.1.3 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed...
Malicious code in cmd2func (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 055d480cc069717b82f618e12d453e7d8dc7d2e83bf77ae25ae23f71e73a1d1a The package installs cmd2func-setup.pth, a.pth file that Python auto-loads at every interpreter start. The single-line payload uses the.pth...