Decentralized Threat: Stealthy P2P Cryptominer Targeting Ollama Endpoints

The Akamai SIRT uncovered a custom P2P Trojan masquerading as system activity. Learn how to detect and mitigate this stealthy Go-based cryptominer...

Malicious code in xmrig-miner (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c3d760afc863697f46cbb6716644c1e7b7e937044ee10ce72b3bce7b549cdcc8 Importing the module starts a silent cryptocurrency mining in the background for a hardcoded wallet. --- Category: MALICIOUS - The campaign has clearly malicio...

MAL-2026-1282 Malicious code in xmrig-miner (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c3d760afc863697f46cbb6716644c1e7b7e937044ee10ce72b3bce7b549cdcc8 Importing the module starts a silent cryptocurrency mining in the background for a hardcoded wallet. --- Category: MALICIOUS - The campaign has clearly malicio...

Malicious code in py-sysbench (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 bcd34dcdc69398d2b97a0890cc550974824096b2844524f868505aa32032f147 Importing the module starts a silent cryptocurrency mining in the background for a hardcoded wallet. --- Category: MALICIOUS - The campaign has clearly malicio...

MAL-2026-1279 Malicious code in cpucheck (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 5c9d20d009145b270e9b9f2bb73540bb7484845f0cbe9c73f4cf20cc28f776c9 Importing the module starts a silent cryptocurrency mining in the background for a hardcoded wallet. --- Category: MALICIOUS - The campaign has clearly malicio...

Malicious code in tensorflow-opt (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c2197ee3bfb727ff46f407a50a515013ad05c423bfe202eea90eb6b593f08b14 Package is likely a dependency confusion against some legitimate extension packages for TensorFlow but contains just cryptominers. When calling the "start"...

MAL-2026-983 Malicious code in tensorflow-opt (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c2197ee3bfb727ff46f407a50a515013ad05c423bfe202eea90eb6b593f08b14 Package is likely a dependency confusion against some legitimate extension packages for TensorFlow but contains just cryptominers. When calling the "start"...

PT-2026-20256

Old vuln, new life: React2Shell CVE-2025-55812 is seeing a surge in active exploitation with reverse shells + cryptominers. If your patching is based on CVSS instead of real-world activity, you’re already behind. https://t.co/2hEOe08JVG CyberSecurity ThreatIntel PatchNow...

MAL-2026-35 Malicious code in aiihttp (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e98bbfaaccc91213e80bb0a09f5081a5701cf01629ac8b82370adbbbc42178b0 Obfuscated code downloads an encrypted binary blob, which is malware finally starting cryptomining. After starting the malware, the Python package uninstall...

Malicious code in auohttp (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f4b76a407d91e23cb990d6ed08e3c0e81898f2b97d690db76b4e3b547fda5fab Obfuscated code downloads an encrypted binary blob, which is malware finally starting cryptomining. After starting the malware, the Python package uninstall...

Malicious code in aiohtto (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 9338a4f3f167cf0ba279696ac9ae9bae26219391e2a87a805cc8bb92b4cddd6e Obfuscated code downloads an encrypted binary blob, which is malware finally starting cryptomining. After starting the malware, the Python package uninstall...

MAL-2026-36 Malicious code in aiohtto (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 9338a4f3f167cf0ba279696ac9ae9bae26219391e2a87a805cc8bb92b4cddd6e Obfuscated code downloads an encrypted binary blob, which is malware finally starting cryptomining. After starting the malware, the Python package uninstall...

About Remote Code Execution – XWiki Platform (CVE-2025-24893) vulnerability

About Remote Code Execution - XWiki Platform CVE-2025-24893 vulnerability. XWiki is a free and open-source wiki platform written in Java, with a strong focus on extensibility. It supports WYSIWYG visual editing, importing and exporting documents in OpenDocument format, adding annotations and tags...

New Docker Malware Strain Spotted Blocking Rivals on Exposed APIs

Akamai finds new Docker malware blocking rivals on exposed APIs, replacing cryptominers with tools that hint at early botnet development...

Malicious code in free-coin-master-spins-links-2023-hrgrs (npm)

The package free-coin-master-spins-links-2023-hrgrs was found to contain malicious code...

Years Long Linux Cryptominer Spotted Using Legit Sites to Spread Malware

Cryptominer campaign runs for years using legit sites to spread malware, targeting Linux systems through known bugs and avoiding detection...

Valkyrie: a Response Framework to Augment Runtime Detection of Time-Progressive Attacks

A popular approach to detect cyberattacks is to monitor systems in real-time to identify malicious activities as they occur. While these solutions aim to detect threats early, minimizing damage, they suffer from a significant challenge due to the presence of false positives. False positives have ...

CPU_HU: Fileless cryptominer targeting exposed PostgreSQL with over 1.5K victims

Cloud environments at risk: Attackers target weak PostgreSQL instances with fileless cryptominer payloads...

StaryDobry ruins New Year’s Eve, delivering miner instead of presents

Introduction On December 31, cybercriminals launched a mass infection campaign, aiming to exploit reduced vigilance and increased torrent traffic during the holiday season. Our telemetry detected the attack, which lasted for a month and affected individuals and businesses by distributing the XMRi...

Malicious Embedded Code

Overview ultralytics is an Ultralytics YOLOv8 for SOTA object detection, multi-object tracking, instance segmentation, pose estimation and image classification. Affected versions of this package are vulnerable to Malicious Embedded Code. These versions have been compromised to install an xmrig...