10286 matches found

OSV
added 2025/06/17 4:36 p.m., 3 views

MAL-2025-5174 Malicious code in worldhello (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis c09616d1a3cf63c69efe5b81863fee024898fd16025a96efa3e70504012bb6bd The OpenSSF Package Analysis project identified 'worldhello' @ 1.0.0 pypi as malicious. It is considered malicious because: - The package execut...

AI score: 7.4
Exploits: 0

OSV
added 2025/06/17 6:40 a.m., 2 views

MAL-2025-6598 Malicious code in syscachelib (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c8aa87f03342830d082dcfd87dfce0528b19781902f9c9e56a7379046d8a1572 Importing the module starts a UAC bypass through fodhelper to run a privileged shell, and download and execute a remote file. --- Category: MALICIOUS - The...

AI score: 7.1
Exploits: 0, References: 1

The Hacker News
added 2025/06/16 6:45 a.m., 27 views

PyPI, npm, and AI Tools Exploited in Malware Surge Targeting DevOps and Cloud Environments

Cybersecurity researchers from SafeDep and Veracode detailed a number of malware-laced npm packages that are designed to execute remote code and download additional payloads. The packages in question are listed below - eslint-config-airbnb-compat 676 Downloads ts-runtime-compat-check 1,588...

AI score: 8.1
Exploits: 0

OSV
added 2025/06/15 8:28 p.m., 2 views

MAL-2025-6469 Malicious code in browser-history-analysis (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 032a326beadf36ce66d29555a7dacc90d6dfc733435dc61852cbc1e5128ee73d When starting the server with expected functionality with potentially sensitive content, the package silently sends the location external IP to a remote...

AI score: 6.8
Exploits: 0, References: 1

OSV
added 2025/06/13 2:3 p.m., 3 views

MAL-2025-6531 Malicious code in justanything (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 206471fdab67d7afeeb5fa6ee55cdb14b88338b58b50a5b73f31bbbb5e66e65b Code is designed to download and run remote scripts during installation, which finally downloads and starts an infostealer --- Category: MALICIOUS - The campai...

AI score: 7.5
Exploits: 0, References: 1

OSV
added 2025/06/13 2:3 p.m., 2 views

MAL-2025-6496 Malicious code in doverius (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c386579381491132baf4d7848ddb82f965c540fb732abb69771325665eabbc63 Code is designed to download and run remote scripts during installation, which finally downloads and starts an infostealer --- Category: MALICIOUS - The campai...

AI score: 7.5
Exploits: 0, References: 1

vulnersOsv
added 2025/06/13 9:30 a.m., 5 views

heist-salt (>=1.0.0 <=5.3.1), isalt (>=2019.12.0 <=2021.2.2) +8 more potentially affected by CVE-2025-22238 via salt (=3007.14.0)

salt PYPI version =3007.14.0 is affected by a known vulnerability. The following packages have a transitive dependency on salt and may be impacted: - heist-salt =1.0.0, =2019.12.0, =2019.6.28a3, =2.6.2.dev0, =2020.7.0, =1.1.1, =22.9.8.0rc1, =0.3.2, =0.5.7 - slskit =2022.4.0 Source cves:...

CVSS: 4.2, AI score: 5.4, EPSS: 0.00266
Exploits: 0

OSV
added 2025/06/10 8:26 p.m., 3 views

MAL-2025-191934 Malicious code in win32evtlogutil (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 5d62d03c43564c8087172222e65beaf334bd9f219291eb6c36a142ad88adef4f Research packages targeting typosquatting and dependency confusions, without really harmful behaviour - just calling home through DNS resolver. Related to...

AI score: 7.1
Exploits: 0, References: 1

OSV
added 2025/06/09 11:26 a.m., 2 views

MAL-2025-6552 Malicious code in my-fun-tools (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 6642f3653e49e0a80b7fadf4c06bc64cba8a1a359772f1c7a668888278348fd6 During installation, the obfuscated code attempts to insert a modified Python DLL and runs a code. --- Category: MALICIOUS - The campaign has clearly malicious...

AI score: 7.4
Exploits: 0, References: 1

OSV
added 2025/06/09 10:14 a.m., 2 views

MAL-2025-6578 Malicious code in robloxextra (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d4281a22f488970ba086ca475848dedc3db41f77d760a4c280356d1018480ccf Importing the module starts downloading multiple stages of obfuscated code, that e.g. adds itself to autostart. --- Category: MALICIOUS - The campaign has...

AI score: 7
Exploits: 0, References: 1

OSV
added 2025/06/07 4:33 p.m., 2 views

MAL-2025-191879 Malicious code in stubsout (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 288961ef642901bbbd1ecf1fee45702985e9691d3f2fdc95f5990a197df2782b While described as telemetry, importing the package attempts to send out some basic info as well as quite sensitive environmental variables. --- Category:...

AI score: 7
Exploits: 0, References: 1

OSSF Malicious Packages
added 2025/06/07 2:5 p.m., 3 views

Malicious code in atlasctf-21-prod-04 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 001a32ea254df328ea468b5f678beeac998089d5d28d365d4bd412f5b6839267 On installation or importing, the package attempts to exfiltrate some basic information, e.g. /etc/passwd --- Category: PROBABLYPENTEST - Packages looking like...

AI score: 7.5
Exploits: 0, References: 1

OSV
added 2025/06/07 2:5 p.m., 2 views

MAL-2025-6450 Malicious code in atlasctf-21-prod-13 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 773b90b87addef84f41e3bec0ed50198f5217f97c58686c8700726e2c5911f39 On installation or importing, the package attempts to exfiltrate some basic information, e.g. /etc/passwd --- Category: PROBABLYPENTEST - Packages looking like...

AI score: 7.4
Exploits: 0, References: 1

OSV
added 2025/06/07 2:5 p.m., 2 views

MAL-2025-6456 Malicious code in atlasctf-21-prod-19 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 74537e0fdc55a5f9c24996d74d6a582f0bac3c796e4629c46d8803a956647d87 On installation or importing, the package attempts to exfiltrate some basic information, e.g. /etc/passwd --- Category: PROBABLYPENTEST - Packages looking like...

AI score: 7.4
Exploits: 0, References: 1

OSV
added 2025/06/07 2:5 p.m., 2 views

MAL-2025-6458 Malicious code in atlasctf-21-prod-21 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 79c8505b253779798971bd98108a76e3e9ba4a7a590fa35b73eef9782c70616d On installation or importing, the package attempts to exfiltrate some basic information, e.g. /etc/passwd --- Category: PROBABLYPENTEST - Packages looking like...

AI score: 7.4
Exploits: 0, References: 1

OSV
added 2025/06/07 2:5 p.m., 3 views

MAL-2025-6451 Malicious code in atlasctf-21-prod-14 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 53e97c9ccd81536ef4d3b1aacb14600cc31b01f8bf00b53326458e485459c7e4 On installation or importing, the package attempts to exfiltrate some basic information, e.g. /etc/passwd --- Category: PROBABLYPENTEST - Packages looking like...

AI score: 7.4
Exploits: 0, References: 1

OSV
added 2025/06/07 2:5 p.m., 2 views

MAL-2025-6449 Malicious code in atlasctf-21-prod-12 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 40759a1334b288bf1b2454e5df32ae973986c6e210d3261bde56c16dfc2fab22 On installation or importing, the package attempts to exfiltrate some basic information, e.g. /etc/passwd --- Category: PROBABLYPENTEST - Packages looking like...

AI score: 7.4
Exploits: 0, References: 1

OSV
added 2025/06/07 2:5 p.m., 2 views

MAL-2025-6439 Malicious code in atlasctf-21-prod-02 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 797236959adb77b5a2b6d687ba0dcd688ea1fff675136998f38fedc01c65fa89 On installation or importing, the package attempts to exfiltrate some basic information, e.g. /etc/passwd --- Category: PROBABLYPENTEST - Packages looking like...

AI score: 7.4
Exploits: 0, References: 1

OSV
added 2025/06/07 2:5 p.m., 2 views

MAL-2025-6440 Malicious code in atlasctf-21-prod-03 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 374fe69b5719748c5255c0665469e0e45e3064884ece003a7fbfc56c04d3a93b On installation or importing, the package attempts to exfiltrate some basic information, e.g. /etc/passwd --- Category: PROBABLYPENTEST - Packages looking like...

AI score: 7.4
Exploits: 0, References: 1

OSV
added 2025/06/07 2:5 p.m., 2 views

MAL-2025-6453 Malicious code in atlasctf-21-prod-16 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 57c6acfcb3c6bb659cac9b311e2cc25e72f3ab57d80e3403b70b7e05a2a06ed9 On installation or importing, the package attempts to exfiltrate some basic information, e.g. /etc/passwd --- Category: PROBABLYPENTEST - Packages looking like...

AI score: 7.4
Exploits: 0, References: 1