Malicious code in vfat (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 625cd870f2a5de965448b7d69832d398b1bf789babe34a594e8724c5bc42ef48 The package exfiltrates sensitive files and env variables --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...

Malicious code in timesmcplib (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 da06df6b9831a400bbf6f90e6ae20c8633f5ca98f71ca4927cbc0647ec6ccb17 During import, the package automatically downloads and executes code that first acts as an infostealer and then starts code acting as a RAT. It connects with a...

MAL-2026-3198 Malicious code in timecurrently (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 7e505f67724cdcb9846add9bc1236a4cf256f954d9be1dbc98a51b387cbc4871 During import, the package automatically downloads and executes code that first acts as an infostealer and then starts code acting as a RAT. It connects with a...

Malicious code in timemcp-utils (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2370fd05b77259c6177d02a019d357a9e7773539588345fe4a5582a9582a1aa3 During import, the package automatically downloads and executes code that first acts as an infostealer and then starts code acting as a RAT. It connects with a...

Exploit for Path Traversal in Mattermost Mattermost_Server

🔥 CVE-2025-25279 — Mattermost 10.4.1 📤 Path Traversal dan...

Malicious code in process-support (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ba15c5dd66c6282ee21f8ee819191d6fbbbf194845ad231ac7d26856d334db70 During import, the package automatically starts code acting as a RAT. It connects with a hardcoded C2 server and waits for commands, supporting e.g. executing...

Malicious code in chainutils (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 149995e4a1c4d289fa58be2adcab4095dca7c429097ad6735afef8270e7e4cb3 During import, package triggers malicious code. First, it ensures persistency e.g., through the autostart registry key. Then, based on the encrypted config, an...

PT-2025-48314

Name of the Vulnerable Software and Affected Versions Mustang versions prior to 2.16.3 Description Mustang before version 2.16.3 is susceptible to XML External Entity XXE attacks, which can lead to the exfiltration of files. XXE attacks occur when an application parses XML input that contains a...

Malicious code in rtcpy (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 75bd7b21b8b27920b63ff14b07b761f57e72da9866682e4e49bd569e660215fd Importing the module starts an infostealer --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2025-11-mescouille...

yelp: Arbitrary file read

A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment...