180 matches found
CVE-2026-44971
GuardDog is a CLI tool to identify malicious PyPI packages. From 1.0.0 to 2.9.0, the programmatic remote project scanning path rewrites attacker-controlled repository URLs using a blind string replacement and then sends the caller's GitHub credentials with the resulting request. This allows an...
MAL-2025-191733 Malicious code in fonafx (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 9441463f029726ea263225e9b0092d82b049e2d7a4e059becd24f5e23c70a906 Series of packages mostly with an obfuscated infostealer attempting to collect Chrome data. While discord webhook is usually set to an example, there are other...
Attackers Abuse TikTok and Instagram APIs
It must be the season for API security incidents. Hot on the heels of a developer leaking an API key for private Tesla and SpaceX LLMs, researchers have now discovered a set of tools for validating account information via API abuse, leveraging undocumented TikTok and Instagram APIs. The tools, an...
Malicious Python Packages on PyPI Downloaded 39,000+ Times, Steal Sensitive Data
Cybersecurity researchers have uncovered malicious libraries in the Python Package Index PyPI repository that are designed to steal sensitive information and test stolen credit card data. Two of the packages, bitcoinlibdbfix and bitcoinlib-dev, masquerade as fixes for recent issues detected in a...
PYSEC-2025-18
picklescan before 0.0.21 does not treat 'pip' as an unsafe global. An attacker could craft a malicious model that uses Pickle to pull in a malicious PyPI package hosted, for example, on pypi.org or GitHub via pip.main. Because pip is not a restricted global, the model, when scanned with picklesca...
Python Malware in Zebo-0.1.0 and Cometlogger-0.1 Found Stealing User Data
Fortinet discovers two malicious Python packages, Zebo-0.1.0 and Cometlogger-0.1, designed to steal data, capture keystrokes, and gain system control. Learn about their malicious behavior and how to protect yourself...
Hackers Distributing Malicious Python Packages via Popular Developer Q&A Platform
In yet another sign that threat actors are always looking out for new ways to trick users into downloading malware, it has come to light that the question-and-answer Q&A platform known as Stack Exchange has been abused to direct unsuspecting developers to bogus Python packages capable of draining...
New Malicious PyPI Packages Caught Using Covert Side-Loading Tactics
Cybersecurity researchers have discovered two malicious packages on the Python Package Index PyPI repository that were found leveraging a technique called DLL side-loading to circumvent detection by security software and run malicious code. The packages, named NP6HelperHttptest and NP6HelperHttpe...
Malicious code in esqmasksplitpush (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 371a75bbb9117312cbc2dfb41f4c02a5e1378b7ca3d109a59401cc2d79619da0 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...
Malicious code in esqpaypalpulled (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 40be8854174f42f60e993f5443bf82c68b7cd588fd0ed83b282915a8e631f647 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...
Malicious code in tpreplacepushstudy (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 64fe7b05631fc1fba79e4844dc6dc7535c4959f19228e4930b8ad82e20d7c2a8 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...
Malicious code in selfccvmosint (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 735b6485ce6e3e3e9746b485812380756b59948eefcec866d751a91cc18bd1d3 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...
Malicious code in tpstrpeplgtb (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx fd90f892727d0f1648c10f09ca93b40cfbcf0a6c5bf9cfc4473a497b3a509e07 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...
Malicious code in esqreplacegrandpep (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 4fb3cb92957680d6a55b6938a867febe48f7e546b05568e4681ef0ff35187c46 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...
Malicious code in py-getcvad (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx cebf11d302a9bc2aa93fb73cde128f8d3de9ff1ddc223609ec865396ab72bdfc EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...
Malicious code in esqrepymc (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 095a097eab2f48a05502f2b72fa8c42c80cbd7957e960c326663e01a9a4bdffe EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...
Malicious code in selfhydrapongpaypal (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx b992777d40644141e2672e9d6cfc0824495c311851f067d867baaef5c75e859e EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...
Malicious code in py-replacepingencode (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 609e704ed1f8a150846db1d8756bf441d50046e7a448f5cd8abb3ba0a635f89b EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...
Malicious code in esqloadencodeosint (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx d17d8432fe2335ff76db636d5d79e9852b40ada53694f89cc46079446e639da2 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...
Malicious code in libsuperregrand (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 7425e93128a41f16aaf2c137bb2a2c6577739e75e7d54f26bb5f307dc6228bae EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...