Malicious code in executor-engine (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7fee580000475783e657a2e66ca6a4a4bd4369aa0bc9f87152b003dca6f34848 executor-engine 0.3.4 ships a malicious site-packages.pth file executorengine-setup.pth that Python's site initialization auto-executes on every...

Malicious code in executor-http (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cde4da7201fbc0dd3ae09240232f5767c2893e33977d6c8ee9071d15e79f0363 The package ships executorhttp-setup.pth, which Python auto-loads at interpreter start for any environment where the package is installed. The.pth fi...

MAL-2026-5319 Malicious code in mem8 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d2fc000f15b66037b67d503cef346f32d400b0cc704417b28ff6c559c9924d8f Versions 6.0.1 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed using B...

MAL-2026-5324 Malicious code in pyphetools (PyPI)

The package pyphetools version 0.9.120 contains a malicious .pth file pyphetools-setup.pth that executes a Bun-based credential stealer on every Python startup via CPython's site.py exec mechanism. The payload downloads the Bun runtime from the official GitHub release page, then runs an obfuscate...

MAL-2026-5281 Malicious code in executor-http (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cde4da7201fbc0dd3ae09240232f5767c2893e33977d6c8ee9071d15e79f0363 The package ships executorhttp-setup.pth, which Python auto-loads at interpreter start for any environment where the package is installed. The.pth fi...

Malicious code in nucbox (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e98ac1a9b5840905b608a09e8e66c73b750c0baa17d6b7789adfc94a8fd815e4 Versions 0.1.2, 0.1.3 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed...

MAL-2026-5296 Malicious code in magique (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f5d3bf9e3bbd5c258d251ade5a15f3383a47a53ddd399d7cd3db2aee5cec45c4 Versions 0.6.8, 0.6.9 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed...

MAL-2026-5280 Malicious code in bramin (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1fb2ac40fcb4626c5e7dea5e26951bc0965b39a1eb721c1a8f23846f421a5827 bramin ships a bramin-setup.pth file that Python auto-executes at every interpreter startup system-wide, not only when bramin is imported. The.pth...

Massive npm infection: the Shai-Hulud worm and patient zero

Introduction The modern development world is almost entirely dependent on third-party modules. While this certainly speeds up development, it also creates a massive attack surface for end users, since anyone can create these components. It is no surprise that malicious modules are becoming more...

MAL-2023-1985 Malicious code in progressbr2 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx fbdd97b0e8ec7e4aa4de0922968e83009b6e1abcaa6790cd62d0819588d0694a Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

MAL-2023-2260 Malicious code in simplejsoon (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 50fa0f9109fe50971d96efeaeca63ad2299c5b6c01c680f4940950b4eecfbca6 Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

Malicious code in simplejsno (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 87bea338e2fd38835634fd7646c5951fa1b84e405e875c244a97e2835cba6ebb Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

MAL-2023-2347 Malicious code in uurllib3 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 14a02d714d00119aa59590fdc0d24887bb9a53e03b07b093b07755a73093ba97 Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

MAL-2023-1684 Malicious code in clickk (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 995ba3f0942c80291e97c5061ea4794aa4512ce5af01b774f9cac15ebde2e90a Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

MAL-2023-2111 Malicious code in python-binacne (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 242390e4eac66fd15d4807033c99de1645afecae38d3d5c44e051d43c6d41454 Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

MAL-2023-2124 Malicious code in python-inance (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx c0001fcdc94573a491859eca78992119ed328ccaecbcb75088ffeee57a08153d Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

Malicious code in matplootlib (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 4ccfa7ce32e6f072136ae4fd87541ad9baa51abbbaf8804a8ad5e3d864756844 Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...