10286 matches found
PyPI Introduces Archival Status to Alert Users About Unmaintained Python Packages
The maintainers of the Python Package Index (PyPI) registry have announced a new feature that allows package developers to archive a project as part of efforts to improve supply chain security. "Maintainers can now archive a project to let users know that the project is not expected to receive any...
uniapi version 1.0.7 contained an information harvesting script.
uniapi version 1.0.7 introduces code that would execute on import of the module and download a script from a remote URL, and would then execute the downloaded script in a thread. The downloaded script would harvest system information and POST the information to another remote URL. This code was...
GHSA-GVVW-RR8M-FJ76 uniapi version 1.0.7 contained an information harvesting script.
uniapi version 1.0.7 introduces code that would execute on import of the module and download a script from a remote URL, and would then execute the downloaded script in a thread. The downloaded script would harvest system information and POST the information to another remote URL. This code was...
Malicious code in reque (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 8ce48406d7fce137de7e9a500179d7d6fcc5857714587372c977c5d6793cad30 Clone of the requests package that modified the code to send all get and post requests to a hardcoded URL --- Category: MALICIOUS - The campaign has clearly...
MAL-2025-1989 Malicious code in reque (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 8ce48406d7fce137de7e9a500179d7d6fcc5857714587372c977c5d6793cad30 Clone of the requests package that modified the code to send all get and post requests to a hardcoded URL --- Category: MALICIOUS - The campaign has clearly...
MAL-2025-1994 Malicious code in requesttss (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 12a8bc9313963cfa671547d93bfa32236afe6b7dfeeec048633a547aa05dbc12 Clone of the requests package that modified the code to send all get and post requests to a hardcoded URL --- Category: MALICIOUS - The campaign has clearly...
PYSEC-2025-2 uniapi version 1.0.7 contained an information harvesting script.
uniapi version 1.0.7 introduces code that would execute on import of the module and download a script from a remote URL, and would then execute the downloaded script in a thread. The downloaded script would harvest system information and POST the information to another remote URL. This code was...
uniapi version 1.0.7 contained an information harvesting script.
uniapi version 1.0.7 introduces code that would execute on import of the module and download a script from a remote URL, and would then execute the downloaded script in a thread. The downloaded script would harvest system information and POST the information to another remote URL. This code was found ...
MAL-2025-1980 Malicious code in mlc-ai-nightly (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 7f1b0b9f87631941501e2d04d9eab7f1cd7232f770812e3373b736f9e682dc2a Installing the package exfiltrates information about the host, including environmental variables. --- Category: MALICIOUS - The campaign has clearly malicious...
MAL-2025-1983 Malicious code in mlc-llm-nightly-cu123 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 99d49619be0a9e2bcedb22bd4ea489b5cb31a56558e763a78fd09a6f948f2d9e Installing the package exfiltrates information about the host, including environmental variables. --- Category: MALICIOUS - The campaign has clearly malicious...
MAL-2025-1982 Malicious code in mlc-ai-nightly-rocm62 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 d19b7d0a36e093c723972a96552235036df64fd3c5e2ba6bb85d979a4c65c00d Installing the package exfiltrates information about the host, including environmental variables. --- Category: MALICIOUS - The campaign has clearly malicious...
MAL-2025-2940 Malicious code in aws-glue (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 96424ced6ac0c4b9f671c5f7f03b4b99f7354e1eb2c48aba76f405f078a62ec6 This is a couple of packages with names appearing to be a library for an AWS or other service. Their only behaviour is to call home on installation or import -...
MAL-2025-2942 Malicious code in awsglueml (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 8a7eb55169fa28d500f750382641170b6a921f1ebca4e715a10d33b05ff78f8b This is a couple of packages with names appearing to be a library for an AWS or other service. Their only behaviour is to call home on installation or import -...
MAL-2025-2941 Malicious code in awsgluedq (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 da16cd67a3672f17d5cce10c5626cf682be33e63db5ca04db645b975afc9bea1 This is a couple of packages with names appearing to be a library for an AWS or other service. Their only behaviour is to call home on installation or import -...
MAL-2025-2936 Malicious code in amzn-awsglue (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 d53712580b3109807a0911c66dab7e45fa9f2968c76e2f31b5f0a23d23b03373 This is a couple of packages with names appearing to be a library for an AWS or other service. Their only behaviour is to call home on installation or import -...
MAL-2025-938 Malicious code in just-test-framework (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 ab2d45d38003a542b3db3afaf891f8269c46e7ac1c342c06148f8859a03bc00e Importing the module exfiltrates basic information using DNS queries. There is no other purpose of the package. --- Category: PROBABLYPENTEST - Packages lookin...
MAL-2025-49 Malicious code in ilovenyxxbait (PyPI)
The package acts as an infostealer, exfiltrating sensitive files and credentials from browser databases via Telegram...
MAL-2025-990 Malicious code in syscontrol (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 2c413668a48a55dfe9f01e94c01fcfa37b26660436d8281a4075884b1cadd06e Importing the module starts downloading and executing an Infostealer targeting browsers' and Discord data. In first packages, there was a hidden line triggering...
MAL-2025-968 Malicious code in reqeuts (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 7f01ab0a32efcdc5ca1ef531f49392818b05b088503759e97611a529f61c37e5 Importing the module downloads and starts an infostealer attempting to exfiltrate data and establishing persistence through autorun directory. --- Category:...
MAL-2025-925 Malicious code in fkask (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 d3bbbce78f8816ead148780776c4371cdd08775ee74639fea33b9598f8bb4b2b Importing the module downloads and starts an infostealer attempting to exfiltrate data and establishing persistence through autorun directory. --- Category:...