9169 matches found
Malicious code in demozecosse (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 1fd7840785d53d90edc61c6138072f4ed7a01b35dd05d76d9d6f5343ec93bff7 Packages that might be part of testing for pentesting / malicious activity / joy, with suspicious activity that does not present any real harm. --- Category:...
Malicious code in demozecox (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 b32c6e6d2566a58b9a104d162c060982bff488fa547fb706c43553d0b7185ccb Packages that might be part of testing for pentesting / malicious activity / joy, with suspicious activity that does not present any real harm. --- Category:...
Malicious code in demozecosso (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 ca3839025ccad67334436cff10b99fc2c407515ed2d9a4e146d11b253b356c8a Packages that might be part of testing for pentesting / malicious activity / joy, with suspicious activity that does not present any real harm. --- Category:...
Malicious code in py-sysbench (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 bcd34dcdc69398d2b97a0890cc550974824096b2844524f868505aa32032f147 Importing the module starts a silent cryptocurrency mining in the background for a hardcoded wallet. --- Category: MALICIOUS - The campaign has clearly malicio...
GHSA-QR2G-P6Q7-W82M x402 SDK Security Advisory
Impact A security vulnerability exists in outdated versions of the x402 SDK. This vulnerability does not affect users' private keys, smart contracts, or funds. The issue impacts resource servers accepting payments on Solana when the facilitator is running a vulnerable version of the x402 SDK. Who...
Malicious code in flowfix (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 77c3304c8fcc8e0cdf2ac450babf481ff0ee3e93cb3c4213c6b4fa8d80cf4137 The package hides code to download and open remote content. The current code seems to be a bit broken as the final URL is not correct, but the code holds also...
Malicious code in roku-aihub (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 19b48d460fde1b6b9802a2f2b7d93928f89b0474235adc54553971ed4575e5df Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2026-1140 Malicious code in heimdal-credentials (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 44b549b64558430b61d35bb2eb2cfcf8ec15d75bacb38af8f34deafe5d6add2c During import, only in specific environments, a module containing code disguised as telemetry is imported. This code then exfiltrates sensitive environment...
MAL-2026-1097 Malicious code in botbooster (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 0ac97422a8ea78df8c5538d0dbada7aad5720510773f1855cf5e4b5a9cbc56cb When using the provided function, code exfiltrates the sensitive token from local settings.json to the hardcoded location. --- Category: MALICIOUS - The campai...
Malicious code in botbooster (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 0ac97422a8ea78df8c5538d0dbada7aad5720510773f1855cf5e4b5a9cbc56cb When using the provided function, code exfiltrates the sensitive token from local settings.json to the hardcoded location. --- Category: MALICIOUS - The campai...
MAL-2026-1092 Malicious code in jwrincident (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 ad20c4d6c73e649f0907879ef431132bb1566c890b55d8c5933abc09e10085fd During installation, the package starts a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...
Malicious code in bladebit (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 f415139e8d21831bbadeb09351ae32306980ae4de3692fc6cafc1d72c2b99e28 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious Package
Overview clawdist is a malicious package. that utilizes typosquatting to infiltrate developer environments via PyPI. Once installed, it executes obfuscated payloads designed to harvest sensitive data, including environment variables, cloud credentials, and SSH keys. This stolen information is...
Malicious Package
Overview polyutil is a malicious package. that utilizes typosquatting to infiltrate developer environments via PyPI. Once installed, it executes obfuscated payloads designed to harvest sensitive data, including environment variables, cloud credentials, and SSH keys. This stolen information is...
Malicious Package
Overview magichat is a malicious package. that utilizes typosquatting to infiltrate developer environments via PyPI. Once installed, it executes obfuscated payloads designed to harvest sensitive data, including environment variables, cloud credentials, and SSH keys. This stolen information is...
Malicious code in cnnct-eaas-corre (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: oracle-using-macaron 2111dcd49405f8c078842cf7af9cfe21ddb54f558d66f2949da752d0e62cddd1 This package appears to be a typo-squatting attempt targeting connect-eaas-core...
MAL-2026-979 Malicious code in home-robot (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 f5296b22d674fc768fb08662c83b8de3fd07455f6fc2d4f7b433319551cb808e Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
ROOT-APP-PYPI-CVE-2022-38170 CVE-2022-38170 in rootio-apache-airflow - Patched by Root
Root has patched CVE-2022-38170 in the rootio-apache-airflow package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2023-35908 CVE-2023-35908 in rootio-apache-airflow - Patched by Root
Root has patched CVE-2023-35908 in the rootio-apache-airflow package for Root:PyPI. Multiple fixed versions available...
MAL-2026-932 Malicious code in easyreg (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 2897582bf6c0c29d4fc679ee338263019a8a5d5bcb66b5ae2c59454d6c967d6a The package pretends to be a development helper but, in fact, downloads a remote executable. Dynamic analysis reveals actions like disabling Windows Defender a...