Malicious code in joyboyw (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 36ac711534f46e41704c145912a7a6c3a51f64bb1888469e0730768e00865242 Contains a function to silently download malware --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...

MAL-2025-192305 Malicious code in dell-recovery (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 38f0e57a56abce42c91a97796f7aa6ae48c6e40c6737b9fd49adf1258eac61f8 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

EUVD-2025-201156

Malicious code in coremsft PyPI...

Malicious code in coremsft (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c8eaed1685f9346b5e86fd47bb3359843533e558e34995d405dd903df8e23c4e Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

MAL-2025-192302 Malicious code in coremsft (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c8eaed1685f9346b5e86fd47bb3359843533e558e34995d405dd903df8e23c4e Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in hellospa (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 276fd70d8b56465c07e6a06281b93ef014fcab93ce00be738e645501713dbdda Package exfiltrates credentials, env variables and other sensitive data on running. Notably, exfiltrated cloud credentials were immediately checked from a remo...

EUVD-2025-200743

Malicious code in hellospa PyPI...

MAL-2025-191972 Malicious code in hellospa (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 276fd70d8b56465c07e6a06281b93ef014fcab93ce00be738e645501713dbdda Package exfiltrates credentials, env variables and other sensitive data on running. Notably, exfiltrated cloud credentials were immediately checked from a remo...

One Detector Fits All: Robust and Adaptive Detection of Malicious Packages from PyPI to Enterprises

The rise of supply chain attacks via malicious Python packages demands robust detection solutions. Current approaches, however, overlook two critical challenges: robustness against adversarial source code transformations and adaptability to the varying false positive rate FPR requirements of...

openSUSE Security Advisory (SUSE-SU-2025:4313-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

agent-os-server (>=0.4.2 <=0.5.5), aiodatalayer (>=1.0.0 <=2.3.1) +67 more potentially affected by CVE-2025-65896 via asyncmy (>=0.2.10 <=0.2.9)

asyncmy PYPI version =0.2.10, =0.4.2, =1.0.0, =0.5.0, =1.0.8, =2.0.9, =1.0.8, =0.1.0, =1.0.0, =1.3.9, =0.1.1, =0.1.0, =0.2.0, =1.0.0, =0.1.0, =0.3.2 and more Source cves: CVE-2025-65896 Source advisory: SNYK:PYTHON-ASYNCMY-14185104...

EUVD-2025-200582

Malicious code in pulsecord PyPI...

Malicious code in gtkfuscator (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: oracle-using-macaron 83b5a97c937ac16481e2ad27346069180a0a823c5f6b361cc4e7f08e97716c24 This package decompresses and executes a base64-encoded malicious payload...

1xn-vmcp (>=0.5.2 <=0.6.1), a2c-smcp (>=0.1.1rc0 <=0.1.5) +405 more potentially affected by CVE-2025-66416 via mcp (>=0.9.1 <=1.22.0)

mcp PYPI version =0.9.1, =0.5.2, =0.1.1rc0, =0.7.2, =1.1.0, =1.1.0, =1.0.0, =1.0.0, =0.4.0, =0.0.19, =1.0.0, =3.2.0, =3.2.0, =4.2.2, =4.3.3 and more Source cves: CVE-2025-66416 Source advisory: OSV:GHSA-9H52-P55H-VW2F...

EUVD-2025-200651

Malicious code in hooktest3 PyPI...

Malicious code in hooktest3 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3d1104ab742749c40acd3c4c989dba15890db64fd22f688dea72727fbc5b9d23 During installation, the package starts a code to retrieve and execute commands from Discord --- Category: MALICIOUS - The campaign has clearly malicious inten...

acryl-datahub-gx-plugin (>=0.14.0.3 <=0.15.0rc15), agnostic (=1.0.3) +549 more potentially affected by CVE-2024-4340 via sqlparse (>=0.1.14 <=0.5.3)

sqlparse PYPI version =0.1.14, =0.14.0.3, =0.2.0, =0.0.1, =0.1.0, =2.0.0, =0.8.0, =0.0.1a0, =0.0.36, =2.1.1.3, =1.0.0, =1.0.2 and more Source cves: CVE-2024-4340 Source advisory: SNYK:PYTHON-SQLPARSE-14157217...

EUVD-2025-200126

Malicious code in tableate PyPI...

EUVD-2025-200127

Malicious code in tablates PyPI...

Malicious code in python-doenv (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 79b018c186e337070650421bdaa82bd65d50d3cd29ebd457349059e7bb5ddc46 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...