227 matches found
Malicious code in httpprobe (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cb46b890b54f51f3a98c1935dbd50e143430757c5daf4080039d32865b04c1d5 The package advertises itself as an 'HTTP probing tool for security researchers' but contains no HTTP-probing functionality. Its only behavior is to...
MAL-2026-6749 Malicious code in ipa-user-collector (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 2df148f70b40274f48d5bc4d8ea5a97bb434a743cf7a5c1b271a5a5cd7fa3907 During installation the obfuscated code downloads a malicious executable from a remote location. Code is designed to survive different blocks: first, there is ...
MAL-2026-5874 Malicious code in aaaazzzzaz (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 c1698c50a4706300296a442bbb0ae57280e870d8c83575d68218143e4ffd6645 During installation, the code attempts to download and start a malicious executable. Likely related to 2025-08-raknet-testing-package. --- Category: MALICIOUS ...
Malicious code in node-scraper (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 52aa9bb0c23cd9126412a9477da59431309521a78dd65e807b7dd198367d0a83 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in dispatch-internal-plugins (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 5993e79eab55ecc24ada6a4bce88f580c958499d51d0d7472e74aad904648964 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in llvm-aie (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 aaaa9db3b2677afec4eb708297d457bc71941d74c73e2276e2a2fa81835f8bc3 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in gigl-core (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 28903f76bed2e89a18c9c276d62c95bb089a091020f89f35f7d2800ef6a3bce3 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2026-5811 Malicious code in gigl-core (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 28903f76bed2e89a18c9c276d62c95bb089a091020f89f35f7d2800ef6a3bce3 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2026-5818 Malicious code in mlir-aie (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 b322e48aca1ca0a746c94d2a935756a1303b61a1530cf39bedf9f75097269bad Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2026-5766 Malicious code in easyllmai (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4589bbb71e0bb3589a162bf2102bba5e8bf7124d3988235647d1e3c1d01821d0 During pip install, setup.py performs an unauthenticated HTTP fetch of https://pastebin.com/raw/yBcUM1QB, takes the first line of the response, and...
Malicious code in salesforce-sysutils-diagnostics (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 59e4ce1338f2439a1a5b2d257b96aadaef4a9c2883f6787343856728514bd148 setup.py unconditionally invokes curl at install time to POST the contents of /tmp/fake-keys.json to...
MAL-2026-5702 Malicious code in flexitest (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 17f4bae10d193f8128f50dd3010d283dc89016fa468fc8d9b428b5183c505b27 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in flexitest (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 17f4bae10d193f8128f50dd3010d283dc89016fa468fc8d9b428b5183c505b27 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in nagios-xi (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c11c80cc2d314460d61a649c84fd75881388470382be8183b77b362e562a5c7f On import nagiosxi, the package's init.py lines 5-8 invokes socket.gethostbyname"atlass-check.autaeqjhfowvnnmkwhxjtq8x39d8nder1.oast.fun" inside a...
Malicious code in ultimate-ai-power (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 90499eb8f54fcc67c067ef7d5397153b4abfc5bbca9d96e7deb291152f49ed3f On import ultimateaipower, the package's top-level init.py collects the local username getpass.getuser and resolved host IP socket.gethostbyname and...
Malicious code in fia-signals (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 b61c6fe7ba81fd99de703bc1c00e0a93b2809363abfbf12b79fd9905830f2b54 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in jules-test-utils (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 30c3ca1fa1b7237661d28aada477f7316b7e696a55e2c92c4dee200f291140f4 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
CVE-2025-66592
An origin validation error vulnerability in Synology Active Backup for Business Agent before 3.1.0-4967 allows local users to write arbitrary files with restricted content and conduct denial-of-service during installation...
Malicious code in lib-1779997093-yjeeqn (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 adfe3f8b85f731f407f8da6669a76b821b042e4ea1f2fd8fcfddf3293c2ca697 During installation, the package opens a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...
CVE-2025-66593
An origin validation error vulnerability in Synology Assistant before 7.0.6-50085 allows local users to write arbitrary files with restricted content and conduct denial-of-service during installation...