Malicious code in guardrails-ai 0.10.1 (supply chain compromise)

Impact On May 11, 2026 at approximately 6:00 PM Pacific, an attacker published a malicious version of guardrails-ai 0.10.1 to PyPI. Affected: any user who installed guardrails-ai==0.10.1 from PyPI on May 11, 2026. Security researchers identified the malicious package within approximately 2 hours ...

MAL-2026-3139 Malicious code in robase-start (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 827cc431e55560fd4944d6b7fa6c47e6adb5027a75fe949642630843b0c8702e During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

Malicious code in robase-quick-install (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f69377c01d5c0980cb9bf905be35133e5cd077e7c64c577460dc06e3871c2d9e During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

MAL-2026-2448 Malicious code in supervisors (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c9f99997c1443b3be7bee7a7d490d05077e1d1c48bdd801f7357881ab1a73ca0 The setup.py contains a malicious code that skips execution if the system uses Russian language. Otherwise, it downloads the URL of the next stage payload from...

Malicious code in roboats-addition (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f9c3e8c3efcca9a56765d765638b1f7a25769a8a94693c4f391804337be55fcf During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

Malicious code in fastapis-requests (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 69baeb910fc47c2e92e2a25cb1db7b5148b4773d193f15aecef4d708f69b1f6d The package clones a legitimate library and contains hidden code that executes remote scripts. During the analysis, the remote code was no longer available ---...

MAL-2026-866 Malicious code in oraceldb (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 723248915f1acb6de7c5bed00d0d554ced6b8cd6359d79436c8ab02f49f18360 Package is a typosquatting or dependency confusion attempt with a low-harm local-only action, like leaving a flag file. --- Category: PROBABLYPENTEST - Package...

CVE-2022-23530

GuardDog is a CLI tool to identify malicious PyPI packages. Versions prior to v0.1.8 are vulnerable to arbitrary file write when scanning a specially-crafted remote PyPI package. Extracting files using shutil.unpackarchive from a potentially malicious tarball without validating that the destinati...

EUVD-2022-0118

Malicious code in bioql PyPI...

EUVD-2022-0117

Malicious code in bioql PyPI...

GCP Cloud Composer Bug Let Attackers Elevate Access via Malicious PyPI Packages

Cybersecurity researchers have detailed a now-patched vulnerability in Google Cloud Platform GCP that could have enabled an attacker to elevate their privileges in the Cloud Composer workflow orchestration service that's based on Apache Airflow. "This vulnerability lets attackers with edit...

Malicious PyPI Packages Stole Cloud Tokens—Over 14,100 Downloads Before Removal

Cybersecurity researchers have warned of a malicious campaign targeting users of the Python Package Index PyPI repository with bogus libraries masquerading as "time" related utilities, but harboring hidden functionality to steal sensitive data such as cloud access tokens. Software supply chain...

This Malicious PyPI Package Stole Ethereum Private Keys via Polygon RPC Transactions

Cybersecurity researchers have discovered a malicious Python package on the Python Package Index PyPI repository that's equipped to steal a victim's Ethereum private keys by impersonating popular libraries. The package in question is set-utils, which has received 1,077 downloads to date. It's no...

CVE-2025-1716

picklescan before 0.0.21 does not treat 'pip' as an unsafe global. An attacker could craft a malicious model that uses Pickle to pull in a malicious PyPI package hosted, for example, on pypi.org or GitHub via pip.main. Because pip is not a restricted global, the model, when scanned with picklesca...

CVE-2025-1716 picklescan - Security scanning bypass via 'pip main'

picklescan before 0.0.21 does not treat 'pip' as an unsafe global. An attacker could craft a malicious model that uses Pickle to pull in a malicious PyPI package hosted, for example, on pypi.org or GitHub via pip.main. Because pip is not a restricted global, the model, when scanned with picklesca...

MAL-2025-191900 Malicious code in time-check-server (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a5da6618a6f04ceb52acd56bc78e318cb7fbffa07ef3acc041729afe52428c44 This campaign is built from two parts: 1 packages named like time-check-server, snapshot-photo contain an innocent-looking code that sends "date" to a remote...

Malicious code in amzclients-sdk (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 7918a5aab99f521336ce5a17ca3b3dae77256011f91ed8dc22c4d9a38123f539 This campaign is built from two parts: 1 packages named like time-check-server, snapshot-photo contain an innocent-looking code that sends "date" to a remote...

MAL-2025-191673 Malicious code in acloud-clients (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 89813876cca364b0dffda624005d527aa3c9f54ea7ce20af8186faf8f374ba6f This campaign is built from two parts: 1 packages named like time-check-server, snapshot-photo contain an innocent-looking code that sends "date" to a remote...

Ultralytics AI Library Hacked via GitHub for Cryptomining

A supply chain attack on Ultralytics exploited GitHub Actions to inject malicious PyPI packages. Discover how it unfolded and the steps to mitigate the risk...

MAL-2024-12309 Malicious code in my-service-manager (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 58c8e4c726cef11c6d7d60916210f532060a6ff7a98bb7fea5872eb10335dd5d While the package appears to be a manager for Windows service, the linked executable is an infostealer with capabilities like cookie stealing ang keylogger. Th...