Telnyx has malicious code in PyPI versions 4.87.1 and 4.87.2

Summary On March 27, 2026, a threat actor used compromised PyPI credentials to publish malicious versions 4.87.1 and 4.87.2 of the telnyx Python package directly to PyPI. These versions contain credential-stealing malware and were not published through the legitimate GitHub release pipeline...

Lazarus Exploits Typos to Sneak PyPI Malware into Dev Systems

The notorious North Korean state-backed hacking group Lazarus uploaded four packages to the Python Package Index PyPI repository with the goal of infecting developer systems with malware. The packages, now taken down, are pycryptoenv, pycryptoconf, quasarlib, and swapmempool. They have been...

Malicious code in tppyencodepull (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx b00d54d55ac515db630e72e6e0c819437b4e0290d7810c9ab73e7eee5ed778b1 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...

Malicious code in py-intpywhacked (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 438ae1fe3a6768f2249f008927647170d4610ef5897d122e1ff8810ba8071b16 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...

MAL-2023-5521 Malicious code in py-pushstudyrandom (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx cbbd6ba7bf33fcba9bb554c7ea47284eb4a056f9c2057c42539a93f88921b81e EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...

MAL-2023-3202 Malicious code in esqpingstringram (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 25bfae41d029d33c9278276c601e507d8184b643260188147696b5db5cbe1129 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...

MAL-2023-3950 Malicious code in libcraftstringcc (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 9454c768d2af678c4ac0b67375a66317240af3e872c1e5e9b1b4f8ad9f9118c3 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...

Malicious code in py-guiminepep (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx b6644b91696c8ad7e337f1d058832e047febf9282655a42883691e2afe03dd77 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...

MAL-2023-5091 Malicious code in py-encodeinfogui (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx adf123e7537f356ebd1c0a19f8630ccc1487914d3df7321f585f143c480cc15a EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...

Malicious code in infocraft (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 9522d7abc24930ccf03289166a762a5e03133e16d6594143b0b3a91272122a0c EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...

PT-2022-37329 · Pypi · Exotel

Name of the Vulnerable Software and Affected Versions: exotel affected versions not specified Description: The issue concerns a user account compromise via a phishing attack, which led to the creation of a malicious release of the exotel project on PyPI. This malicious release contains code that...