9169 matches found
MAL-2026-2327 Malicious code in kube-health-tools (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 4d36d5ed9b1bc15c12e89f48c1228a4f6e3aebe558a67d535655e280b25b4440 During import, the code download and starts remote executable that later connects to a C2 server, likely establishing a reverse tunnel. After executing the...
MAL-2026-2311 Malicious code in officepyai (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 563256c9d63fdb25dd344ade9c0df9605a7b22e3fc849f2512f5366e557e562c Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2026-2310 Malicious code in lakeflow-community-connectors (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 931d6183e0dc407fb2c14769dcebb7d1845f4af9ca0b26766d75d783b5611165 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in databaseroboats (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 758a06f15ef5917ecf964bae5fa46f084b028b69c8dd133acb90da972f6a6f09 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
Malicious code in spanner-client (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 659a15d63f794432104121cf729687768f76fa3dadd0b4ae9d8c9327021122af Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in hiveos (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 632c5c53f72df87d7b0d9843df212e147e729699ffe5e7f6c20e3cd41fa13f64 Clones of legitimate libraries with malicious modifications intended to download malicious remote code. The remote script allows executing arbitrary files...
MAL-2026-2292 Malicious code in safecheckit (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 84f17b127af2c89551ea0059e4741da3fb5158405fbeabf042f7d5d89a098b21 During installation the package downloads and installs two executables identified as backdoors trojans. --- Category: MALICIOUS - The campaign has clearly...
MAL-2026-2280 Malicious code in roboat-additions (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 1af64a27f6bd87cbd380cb838d6c8c06696f9497c246fe348d5af1bbc17f6122 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
MAL-2026-2279 Malicious code in roboat-addition (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 ece419769280a3d6ce017d5cc460eaf49742fde83ede008765b77f3e49ff67e6 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Files
TeamPCP, the threat actor behind the supply chain attack targeting Trivy, KICS, and litellm, has now compromised the telnyx Python package by pushing two malicious versions to steal sensitive data. The two versions, 4.87.1 and 4.87.2, published to the Python Package Index PyPI repository on March...
MAL-2026-2273 Malicious code in trustwallet (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 ffef6e3541d5ab62ee32f0d44e9da05c6e495c15a4c9a9d9a4866e40ae502604 Clones of legitimate libraries with malicious modifications intended to download malicious remote code. The remote script allows executing arbitrary files...
Malicious code in metamask-api (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 d741c998a924aa720c19f13cbb622ebb5862abde8765dac7f8bb2cf1b219c3dc Clones of legitimate libraries with malicious modifications intended to download malicious remote code. The remote script allows executing arbitrary files...
Two telnyx versions published containing credential harvesting malware
After an API token exposure from an exploited Trivy dependency,two new releases of telnyx were uploaded to PyPI containing automatically activated malware, harvesting sensitive credentials and files, and exfiltrating to a remote API. Compromised versions execute code during importing the telnyx...
PYSEC-2026-3 Two telnyx versions published containing credential harvesting malware
After an API token exposure from an exploited Trivy dependency, two new releases of telnyx were uploaded to PyPI containing automatically activated malware, harvesting sensitive credentials and files, and exfiltrating to a remote API. Compromised versions execute code during importing the telnyx...
The Telnyx PyPI Compromise and the 2026 TeamPCP Supply Chain Attacks
...
The Telnyx SDK on PyPI Compromise and the 2026 TeamPCP Supply Chain Attacks
...
Malicious code in thisismytest123 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 7640ee5ded7bcafbd9863565d68a7768bdc9bd2abca56a69d73576e7e9b2c0df During installation, if run under a specific username, the package downloads and installs two executables identified as backdoors trojans. --- Category:...
Malicious code in requests-testik111 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 72561775d8d7a7c1e47c83f2a7e13ed9eeb776d05ca6924cfcceaca7cad0cfef Clones of legitimate libraries with malicious modifications intended to download malicious remote code. The remote script allows executing arbitrary files...
Malicious code in fluxhttp (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 2669b72303bd592ba1633febc04bca1f0a8804d8546baf21b5f3f12baaa80f29 Malicious clone of a legitimate package. When using it, the code attempts to download and execute remote code. In on of the incarnations, the malicious code wa...
Malicious code in chaostoolkit-turbulence (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 0d12e5d6a53ae410fe90d76b8da4f9f117a8891e73a678c5b5f49059ad31fa6b Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...