Malicious code in python-alibabacloud-tea-openapi (PyPI)
Source: google-open-source-security 1a75cd94261db49f7ab1e359b2579e7645756a48f20eb6a49465f980f5c2b43d Attack targeted at users of Alibaba, AWS and Telegram via malicious packages published to PyPI. The malicious code was hidden in strategic...
Malicious NuGet Package Targeting .NET Developers with SeroXen RAT
A malicious package hosted on the NuGet package manager for the .NET Framework has been found to deliver a remote access trojan called SeroXen RAT. The package, named Pathoschild.Stardew.Mod.Build.Config and published by a user named Disti, is a typosquat of a legitimate package called...
Malicious code in liblapack3 (PyPI)
Source: ossf-package-analysis 74012077041418bce1aed1339b95d0221435cff33db310194f29d9a0c2451e6e The OpenSSF Package Analysis project identified 'liblapack3' @ 0.0.2 pypi as malicious. It is considered malicious because: - The package...
Malicious code in pyhulul (PyPI)
Source: checkmarx f22a13d592f8a4de9eaf39b1c4c0c149232890e90dc5cff2988d49901d31a3e2 Malicious packages campaign targeting developers, payload is hidden using Steganography, exfiltrate host information...
Malicious code in pytasler (PyPI)
Source: checkmarx 9209d9bf3f5a8205e05d9cb3e590cb8ad8cdf90cedb528dd047828c38b308361 Malicious packages campaign targeting developers, payload is hidden using Steganography, exfiltrate host information...
Malicious code in pyalsogkert (PyPI)
Source: checkmarx db76c02045b01626113fc566fbbcd5f7fd5ccbd230e7e5c6dc0ed090a712c9b1 Malicious packages campaign targeting developers, payload is hidden using Steganography, exfiltrate host information...
Malicious code in kokokoako (PyPI)
Source: checkmarx 037e7b78b81b8740ce2627e91bec2d913cb5ef310bf3d7a80046fee57dd42162 Malicious packages campaign targeting developers, payload is hidden using Steganography, exfiltrate host information...
Malicious code in pyhjdddo (PyPI)
Source: checkmarx ac1a1233d8897ffaa72bc15d95e9f16517f66801df9f3eee30f97a8dc675d7bf Malicious packages campaign targeting developers, payload is hidden using Steganography, exfiltrate host information...
Malicious code in pytarlooko (PyPI)
Source: checkmarx 6dddca319cc76ce2f8951f40c21b31bf4a25775212cc5339063154c7aecf052f Malicious packages campaign targeting developers, payload is hidden using Steganography, exfiltrate host information...
Malicious code in telethon2 (PyPI)
Source: checkmarx 2f513e1bd0172cda035284efad9368870bc46158926c112ccd7fc881e6af75be Malicious Typosquatting packages campaign targeting developers, steals cloud service credentials Source: google-open-source-security...
The vulnerability of the network-based software for automating data processing tasks in HDFS and Apache Airflow’s HDFS Provider lies in the inclusion of functionality from an untrusted control sphere, allowing attackers to load arbitrary packages.
The vulnerability of the network-based software for automating data processing tasks in HDFS and Apache Airflow’s HDFS Provider is related to the inclusion of functionality from an untrusted control sphere during the processing of PyPI package names. Exploiting this vulnerability allows a malicious...
Malicious code in alibabacloud-vpc20180317 (PyPI)
Source: checkmarx 0c24b33d1db8fffd5daaf1985d25add4bc66e7879e1a6efbc7ae706816931834 Malicious Typosquatting packages campaign targeting developers, steals cloud service credentials Source: google-open-source-security...
Malicious code in alibabacloud-ecs20180317 (PyPI)
Source: checkmarx 8af47576c10df6b4eb3fae145ce469e9ef394691bde6181e0fef25dbc8358f7a Malicious Typosquatting packages campaign targeting developers, steals cloud service credentials Source: google-open-source-security...
Developers Beware: Malicious Rust Libraries Caught Transmitting OS Info to Telegram Channel
In yet another sign that developers continue to be targets of software supply chain attacks, a number of malicious packages have been discovered on the Rust programming language's crate registry. The libraries, uploaded between August 14 and 16, 2023, were published by a user named "amaperf,"...
Malicious code in pyghoster (PyPI)
Source: checkmarx 5dff2bd9da92b93b22c32e611a7d510147596aa9a8e0f566cb9e5b25dc8a45d3 Malicious packages campaign targeting developers, payload is hidden using Steganography, exfiltrate host information...
Malicious code in aliyun-oss2 (PyPI)
Source: checkmarx 8c33f6b28da216b43120a3b8a8537d0263dc1eb2b22979a4183b371ff57b9e0b Malicious Typosquatting packages campaign targeting developers, steals cloud service credentials Source: google-open-source-security...
Malicious code in python-aliyun-sdk-ecs (PyPI)
Source: checkmarx fcb822b0528f2cbde54bd2197ed8c774dda8cafc7c3e9ae5aff56465e7c6c72c Malicious Typosquatting packages campaign targeting developers, steals cloud service credentials Source: google-open-source-security...
Malicious code in barcodegeneratorqr (PyPI)
Source: ossf-package-analysis 5de1d1e2140e353329354c268f3866da72c3edffdf57c0bae8c64c285b120a4c The OpenSSF Package Analysis project identified 'barcodegeneratorqr' @ 1.0.3 pypi as malicious. It is considered malicious because: - The packag...
Malicious code in servantcord (PyPI)
Source: ossf-package-analysis a573def8d25965b25ab7e80b187bc35973c3015d0a23b2c0f8298d800d97a1a2 The OpenSSF Package Analysis project identified 'servantcord' @ 1.0.2 pypi as malicious. It is considered malicious because: - The package...
GHSA-V4F4-23WC-99MH pipreqs vulnerable to Dependency Confusion
A dependency confusion in pipreqs v0.3.0 to v0.4.11 allows attackers to execute arbitrary code via uploading a crafted PyPI package to the chosen repository server...