Malicious code in threading-helper (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 74a87b74245d0639ace987a197363e4396c334434721b81ce7d1c4d7010edb55 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in dev-server-python (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 77df2294feff074b86c685e622e69901b80eb16fdbf60eb785a026318d84788e Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

MAL-2025-191717 Malicious code in dev-server-python (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 77df2294feff074b86c685e622e69901b80eb16fdbf60eb785a026318d84788e Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in gptall (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e68d6c72f5a98f22bc22ef0ad7aef178f253ba95ebac54ba881f95762d4805f4 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

MAL-2025-191742 Malicious code in gptall (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e68d6c72f5a98f22bc22ef0ad7aef178f253ba95ebac54ba881f95762d4805f4 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Exploring the SECURITY.Md in the Dependency Chain: Preliminary Analysis of the PyPI Ecosystem

Security policies, such as SECURITY.md files, are now common in open-source projects. They help guide responsible vulnerability reporting and build trust among users and contributors. Despite their growing use, it is still unclear how these policies influence the structure and evolution of softwa...

MAL-2025-191719 Malicious code in discordhelper-ecr (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 689b1c190dc23f0188a57cac218b8dd66c56ecb77478d9bdac584a8cd111bb9b Package exftrates discord credentials to a hardcoded location --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...

tutor-android (>=17.0.0 <=21.0.0), tutor-cairn (>=17.0.0 <=21.0.0) +49 more potentially affected by CVE-2025-65681 via tutor (>=12.2.0 <=21.0.7)

tutor PYPI version =12.2.0, =17.0.0, =17.0.0, =0.1.1, =0.2.0, =14.0.0, =18.3.0, =18.0.0, =14.0.0rc3, =18.2.8, =14.0.0, =19.0.0, =14.0.0, =18.0.3 and more Source cves: CVE-2025-65681 Source advisory: SNYK:PYTHON-TUTOR-14135978...

MAL-2025-191858 Malicious code in rtcplogin (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2f986d2da01fbdba339f3d073a84dd5c57ba0aa19113574702160654f70f0620 Importing the module starts an infostealer --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2025-11-mescouille...

Malicious code in hooktest2 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 207bb5790445a690e4cbb75453026def57279287f88d6c54c7af956e3ba89e1c During installation, the package starts a code to retrieve and execute commands from Discord --- Category: MALICIOUS - The campaign has clearly malicious inten...

EUVD-2025-199701

Malicious code in atlassian-praz PyPI...

MAL-2025-191476 Malicious code in atlassian-praz (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 06798e3c48471c4e66160030618f78c51d71d2a7660c5545648cf7902b3eecd4 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

EUVD-2025-199702

Malicious code in atlassian-exp PyPI...

Malicious code in atlassian-exp (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 802483ac3ec3749092037040a0a50ed9fa329232a832ac15fd5a0c692c42a9fd Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

MAL-2025-191475 Malicious code in atlassian-exp (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 802483ac3ec3749092037040a0a50ed9fa329232a832ac15fd5a0c692c42a9fd Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in hexcon (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 191af8110082a90345db609c8f23d2313a5be68ec121742172f32cf3a1d5d905 Package appears to be designed for private key exfiltration, but no known usage. The name appears to be related to the cryptocurrency TRX Tron / Tronix. Some...

Security Bulletin: NVIDIA NeMo Framework - November 2025

NVIDIA has released a software update for NVIDIA® NeMo Framework. To protect your system, clone or update this software to version 2.5.1 or later from NVIDIA/NeMo Framework on NVIDIA GitHub and pypi. Go to NVIDIA Product Security...

MAL-2025-191837 Malicious code in pyrtp (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f77b4d5bf456d6805b724bbedc6baa9f7fb3cc95e6ab6aace6861bfcd56aec1f Importing the module starts an infostealer --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2025-11-mescouille...

Malicious code in aounitaounit2 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 17a6f267b170cfb56ec403ff0364780d8adb80064476daffdded59f701b8b154 Importing the module starts an infostealer --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2025-11-mescouille...

MAL-2025-191682 Malicious code in aounitaounit2 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 17a6f267b170cfb56ec403ff0364780d8adb80064476daffdded59f701b8b154 Importing the module starts an infostealer --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2025-11-mescouille...