9169 matches found
PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials
In yet another software supply chain attack, threat actors have managed to compromise the popular Python package Lightning to push two malicious versions to conduct credential theft. According to Aikido Security, OX Security, Socket, and StepSecurity, the two malicious versions are versions 2.6.2...
MAL-2026-3192 Malicious code in ro-db (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 2bd23f786275f7f9939deab001c8b06daaba21ad7dcb861fd6bb9cdd2e3d830c During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
MAL-2026-3141 Malicious code in coinmate-api (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 8c8d1f75669f5e0386a83dad52d569b6711645921989cf520b3b15c59ec26424 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
CVE-2026-41391
CVE-2026-41391 affects the OpenClaw project. OpenClaw before 2026.3.31 fails to sanitize PIP_INDEX_URL and UV_INDEX_URL in host execution contexts, enabling attackers to redirect Python package-index traffic by injecting malicious index URLs through unsanitized environment variables. The issue is...
Malicious code in genmedia-izumi-agent (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 6afd24d0d974a2b6b82c9aa120945d1c531a3ea17e81bbdf526890f2f0e18905 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
EDySec: A Deep Learning-Based Explainable Dynamic Analysis Framework for Detecting Malicious Packages in PyPI Ecosystem
The security of open-source software repositories is increasingly threatened by next-gen software supply chain attacks. These attacks include multiphase malware execution, remote access activation, and dynamic payload generation. Traditional Machine Learning ML detectors struggle to detect these...
MAL-2026-3090 Malicious code in bytedecs (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 33034832d7823023eca4d7640030b040b26d4d5274e222bf294b7cf0be28430c Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in bytedvefaas (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 a19e705383e238bb8f9fcddce486d3b46640201c5296961abd59054c030f2049 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2026-3022 Malicious code in jie-utility-package (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 2cab7c48587f060014e5c8453f9ab21c0e6dd3c3523d095c1fcafbce8cbee2d1 During installation, the package attempts to create a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers...
MAL-2026-3015 Malicious code in lyroxcoder (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 0aa87cfde7d0b832cd24067a43e94d812a4f5ce64541e219fb6aa6b7388939ab Heavy obfuscate code for extracting further obfuscate binaries and executing them using file less techniques. Some versions contain the executable embedded,...
Malicious code in xinference (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 1d006f6a08c959393160456d4ace221fd165b6d609fc8356ebfb041979aef93d Versions 2.6.0, 2.6.1, 2.6.2 were compromised. Following a malicious pull request that exfiltrated sensitive data from the CI runner, three malicious PyPI...
Malicious code in pathjoin (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 a94ee2403006fa62b8cfd3e6ac5a3ae32f316ab9b32fd0dc47fefdca52cf5899 During import, the code downloads and executes encrypted payload from remote location. During analysis, remote code was prepared to download the next stage...
MAL-2026-2948 Malicious code in leavemealone (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 5628eb1d01e8eb7de8a582cd9ea85dff68eafde06f4e1164ae92842354db0bf7 During building the package, it executes encrypted code. The content is unclear as the decryption key bases on the local environment variable. Given leaving a...
MAL-2026-2835 Malicious code in procoder (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 f2e6ce1118208c6647ef6e3c175235b92ee242cf0cc068281c4ae630da662c7b Package exploits dependency confusion. A beacon request is used to report usage back, but no additional information are exfiltrated. --- Category:...
Malicious code in requests-testik11 (PyPI)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in requests-test-test44 (PyPI)
--- -= Per source details. Do not edit below this line.=-...
MAL-2026-2812 Malicious code in requests-test-test44 (PyPI)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in requests-test-test2 (PyPI)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in requests-test-test3 (PyPI)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in bombonsec-test-123 (PyPI)
--- -= Per source details. Do not edit below this line.=-...