9163 matches found
MAL-2026-2292 Malicious code in safecheckit (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 84f17b127af2c89551ea0059e4741da3fb5158405fbeabf042f7d5d89a098b21 During installation the package downloads and installs two executables identified as backdoors trojans. --- Category: MALICIOUS - The campaign has clearly...
MAL-2026-2280 Malicious code in roboat-additions (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 1af64a27f6bd87cbd380cb838d6c8c06696f9497c246fe348d5af1bbc17f6122 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
MAL-2026-2279 Malicious code in roboat-addition (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 ece419769280a3d6ce017d5cc460eaf49742fde83ede008765b77f3e49ff67e6 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
PYSEC-2026-3 Two telnyx versions published containing credential harvesting malware
After an API token exposure from an exploited Trivy dependency, two new releases of telnyx were uploaded to PyPI containing automatically activated malware, harvesting sensitive credentials and files, and exfiltrating to a remote API. Compromised versions execute code during importing the telnyx...
TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Files
TeamPCP, the threat actor behind the supply chain attack targeting Trivy, KICS, and litellm, has now compromised the telnyx Python package by pushing two malicious versions to steal sensitive data. The two versions, 4.87.1 and 4.87.2, published to the Python Package Index PyPI repository on March...
MAL-2026-2273 Malicious code in trustwallet (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 ffef6e3541d5ab62ee32f0d44e9da05c6e495c15a4c9a9d9a4866e40ae502604 Clones of legitimate libraries with malicious modifications intended to download malicious remote code. The remote script allows executing arbitrary files...
Malicious code in metamask-api (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 d741c998a924aa720c19f13cbb622ebb5862abde8765dac7f8bb2cf1b219c3dc Clones of legitimate libraries with malicious modifications intended to download malicious remote code. The remote script allows executing arbitrary files...
Two telnyx versions published containing credential harvesting malware
After an API token exposure from an exploited Trivy dependency,two new releases of telnyx were uploaded to PyPI containing automatically activated malware,harvesting sensitive credentials and files, and exfiltrating to a remote API.Compromised versions execute code during importing the telnyx...
The Telnyx PyPI Compromise and the 2026 TeamPCP Supply Chain Attacks
...
The Telnyx SDK on PyPI Compromise and the 2026 TeamPCP Supply Chain Attacks
...
Malicious code in thisismytest123 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 7640ee5ded7bcafbd9863565d68a7768bdc9bd2abca56a69d73576e7e9b2c0df During installation, if run under a specific username, the package downloads and installs two executables identified as backdoors trojans. --- Category:...
Malicious code in requests-testik111 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 72561775d8d7a7c1e47c83f2a7e13ed9eeb776d05ca6924cfcceaca7cad0cfef Clones of legitimate libraries with malicious modifications intended to download malicious remote code. The remote script allows executing arbitrary files...
Malicious code in fluxhttp (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 2669b72303bd592ba1633febc04bca1f0a8804d8546baf21b5f3f12baaa80f29 Malicious clone of a legitimate package. When using it, the code attempts to download and execute remote code. In on of the incarnations, the malicious code wa...
Malicious code in chaostoolkit-turbulence (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 0d12e5d6a53ae410fe90d76b8da4f9f117a8891e73a678c5b5f49059ad31fa6b Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
GlassWorm attack installs fake browser extension for surveillance
GlassWorm hides inside developer tools. Once it's in, it steals data, installs remote access malware, and even a fake browser extension to monitor activity. While it starts with developers, the impact can quickly spread. With stolen credentials, access tokens, and compromised tools, attackers can...
An AI gateway designed to steal your data
A significant proportion of cyberincidents are linked to supply chain attacks, and this proportion is constantly growing. Over the past year, we have seen a wide variety of methods used in such attacks, ranging from creation of malicious but seemingly legitimate open-source libraries or delayed...
MAL-2026-2233 Malicious code in lightmock (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 a3c7924362f935b55a808e1ede8ffea2dbc96326b853dc00d7ede36c002ff63c Clone of a legitimate package. During import, heavily obfuscate code downloads next stages and finally exfiltrates sensitive data, including data from web...
GHSA-5MG7-485Q-XM76 Two LiteLLM versions published containing credential harvesting malware
After an API Token exposure from an exploited trivy dependency, two new releases of litellm were uploaded to PyPI containing automatically activated malware, harvesting sensitive credentials and files, and exfiltrating to a remote API. Anyone who has installed and run the project should assume an...
Malicious code in auth0-ai-ms-agent (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 2e341dbac5b5fcd3b5a882b5ee47e26051b72bacd4d552790c684174ba0e69ae Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in globally (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 1f2d16dd9f9dc8f8c54504946e96b931fab9f6c893012e17b0c03dd531c49f5b Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...