2 matches found
PYSEC-2026-236 Malicious code in pyphetools (PyPI)
Part of the "Hades" wave of the Shai-Hulud supply-chain campaign. On 2026-06-08, malicious phantom releases of pyphetools were published to PyPI using stolen credentials. The package executes a bundled JavaScript payload via the Bun runtime on import that harvests and exfiltrates credentials and...
Embedded Malicious Code
Overview pyphetools is a package designed to test how to use the Python version of the phenopackets package together with pandas to create phenopackets from typical supplemental tables. Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious co...