MAL-2026-6262 Malicious code in inversiones-common (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 347a767ebbbb5843e6b005c167d98c9ab7b3ea943fadd88401682f2a2b14b2a4 setup.py executes a beacon function at module top level before setup is called, so the payload fires automatically on pip install inversiones-common...

Malicious code in env-loader-cli (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1749501a0825ad4a98638bbab4bd2bd9550436adcb9bb7781b6552735f7f3eb0 The package advertises itself as a benign.env/JSON/YAML loader but its top-level init.py imports a hidden core module that, on every import envloader...

Malicious code in pipinpeace-bind (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e78be1bf65bda1455a5f08dafdf69aef528e4fb206333e1ecb6c6a97fe8adbc2 Package is designed to start a bind shell during installation. However, it requires providing the port as an installation parameter, which suggests it's more...

MAL-2025-191811 Malicious code in paradox-pydevdeps (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ffb02e4aaa239e465a9365307dc9f04e5d881cc9f56bd34a1112ce87db7998bc Generic campaign for all likely research / pentests, where the amount or art of collected data raises questions about the privacy, security and ethical side. -...

MAL-2024-12360 Malicious code in test-packages2 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4336b840413f8b1d796d06001cd5fb057d2e92276771ec70122834253e5e41f3 Generic campaign for all likely research / pentests, where the amount or art of collected data raises questions about the privacy, security and ethical side. -...