MAL-2026-2172 Malicious code in v2-8-3 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b90faec9a57b74163b9282007ed27f9602abf0d5307115928eb4ca75d98f8c72 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in efghr-honeybee-sdk (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e77e2d0088390e5dc421f70a65ade331bfbf554afcc9cc42362098d0ed130692 During installation, package attempts to modify LLM configuration files to provide a backdoor instruction for further control over an AI agent. --- Category:...

Malicious code in collects (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 fc7f98d0c4c092f4eb4a73240f8c7a5df90717853ee408fefa9eeb09a41d2cae Packages contain hidden code that is effectively run during importing or using the library, and downloads second stage code. Then, a process running in...

Malicious code in python-requirements (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 40fa77c47c3649fce85f601f8aa10bf13674e5db4a2d35f125cb48b77d65f99d The package clones a legitimate webdavclient3 library and modifies it to be an installer utility. During installation, the package exfiltrates the current...

MAL-2026-1144 Malicious code in roku-aihub (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 19b48d460fde1b6b9802a2f2b7d93928f89b0474235adc54553971ed4575e5df Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Splunk Enterprise 9.3.0 < 9.3.9, 9.4.0 < 9.4.8, 10.0.0 < 10.0.3 (SVD-2026-0208)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2026-0208 advisory. - In Splunk Enterprise for Windows versions below 10.2.0, 10.0.3, 9.4.8, and 9.3.9, a lowprivileged Windows user that can creat...

MAL-2026-904 Malicious code in strands-agents-anthropic (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b86e2f5ba17218d5e9377627cc2c437009cc3dc7c6615c87b8317995614288c6 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

MAL-2026-851 Malicious code in python-files-mod (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3f9a5cad398dbfcea1ea0ed1a7b20c678a67941581a4562aa92703ac86ee421a Disguised as file system manipulation library, the package hides an obfuscated code to communicate with a Telegram channel. Though the usage is not known at th...

Malicious code in statssol (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 578ffe3c11af717c95f71893133a46e8e418742109d414583b3ccc5044fa3a99 On importing the module, a remote code is executed. At the moment of analysis, the remote URL did not return any valid script, presumably as the package was...

Malicious code in tablescene (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 75f24eaea6c977e93d35c431f9bedc66b7757fd5c5635425c28801dad3b50de9 Packages contain hidden code that is effectively run during importing or using the library, and downloads second stage code. Then, a process running in...

Malicious code in cicd-ppe-test (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c9f1bfe5b5514b9b3a1ffad43be1f06d22faf12f031d325a9e689340c2ab16a0 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

MAL-2026-604 Malicious code in securedrop-workstation-dom0-config (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a496fb67ea100acce3d945e16e2d50d6d3181a322017f80cdf8c01006a49aade Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

MAL-2025-192992 Malicious code in umap (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f6dd42f96f818641d94fd4a2085dfd1071b6ce3fa44a3f05b785245ab4d1c886 Simple dependency confusion test. Versions before 0.1.2 do not perform any active action. The original umap package existed in the past, but was removed by the...

MAL-2025-191840 Malicious code in python-doenv (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 79b018c186e337070650421bdaa82bd65d50d3cd29ebd457349059e7bb5ddc46 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in peptest2 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 60249233a6c88847f2043da362196e4b2652bd7dddb8dbfe92cc3e7b2b2676a9 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

MAL-2025-191813 Malicious code in peptest2 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 60249233a6c88847f2043da362196e4b2652bd7dddb8dbfe92cc3e7b2b2676a9 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in klsosdoids5 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 9463b9f77f9d64f5acb9c6a75b2969333be89d6d850af7e75628532ff23e0641 Package simulates calling home on import and there has no other purpose --- Category: PROBABLYPENTEST - Packages looking like typical pentest packages, but als...

MAL-2025-191843 Malicious code in python3-6 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d48e27507362baa15b8e41d1554bce82077fcc870112ab6cb4d17694b47c8ef3 During installation, the obfuscated code is run and connect with a remote server. In the current version, the code just opens a URL without exfiltrating any...

Malicious code in mulaptested-pakname (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 fe9ba6c7da3568c9fc879641c190c301a2bd8a349b38a44295eb2924139c78b4 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in bh-usa-req-ase (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 8c83e1a14cfb125b4cfcb3e1ca52afd31fb170b78ade2aa3fd31cc846b8ac7da If run, the package exfiltrates AWS credentials. Though it's described as test, the exfiltration really happens --- Category: MALICIOUS - The campaign has...