13243 matches found
MAL-2026-3398 Malicious code in ninja-ssh-proto (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 84f71e430b37d8fe0ee6c72826071159bb146664fe17d9a596f6e611579851f7 During installation or import, package silently adds a new authorized SSH key. It's closely related to the 2026-05-ninja-core-utils campaign, but there is no...
MAL-2026-3393 Malicious code in web3-tool-sdk (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 9b0a2f82214baa91e572e7e7081cc863c213321d2a1f69cace704ce9b4a33e70 The code automatically scans the filesystem looking for BIP-39 seed phrases and data indicating private keys, and exfiltrates them --- Category: MALICIOUS - Th...
MAL-2026-3380 Malicious code in justinleaguekems (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 039b35e6547b64dd3e28ba9e178b9716447f88d6bd9558766c9ffe8850262d99 Package exfiltrates screenshots and network information to a hardcoded target. --- Category: MALICIOUS - The campaign has clearly malicious intent, like...
MAL-2026-3386 Malicious code in yeahmankema (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 e82095096c026f9ea1f8a44e7b94b0f9def1346ef887a8a6bb4e11aedc5abd63 Package exfiltrates screenshots and network information to a hardcoded target. --- Category: MALICIOUS - The campaign has clearly malicious intent, like...
MAL-2026-3383 Malicious code in wallet-utils-pro (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 1c6b0bc86ba79fbf578e23fb2eeb78129ba07b9a274e2e8f780b0d427065290e The code automatically scans the filesystem looking for BIP-39 seed phrases and data indicating private keys, and exfiltrates them --- Category: MALICIOUS - Th...
MAL-2026-3381 Malicious code in solana-scanner (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 047a41b9a67bb975c2e98b31b5e13875569de5097f0b61bb5984e300687e03e3 The code automatically scans the filesystem looking for BIP-39 seed phrases and data indicating private keys, and exfiltrates them --- Category: MALICIOUS - Th...
Malicious code in eth-toolkit (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 e5895b0a95cf86acc67f21e61b55a0718a073fd06657523b47550532153ed546 The code automatically scans the filesystem looking for BIP-39 seed phrases and data indicating private keys, and exfiltrates them --- Category: MALICIOUS - Th...
MAL-2026-3377 Malicious code in crypto-wallet-utils (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 1e40a039f63743a1d3c20fb312ecd2ecb1e47fe20c6787efa0a3f0f441ad5828 The code automatically scans the filesystem looking for BIP-39 seed phrases and data indicating private keys, and exfiltrates them --- Category: MALICIOUS - Th...
MAL-2026-3379 Malicious code in eth-web3-utils (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 ab01b68589d4f3b1e8686ed007d522f24c8259049cb211a023ac3f3ff8f56ce4 Code pretends to be an ETH utility and exfiltrates the given seed/private key --- Category: MALICIOUS - The campaign has clearly malicious intent, like...
Malicious code in crypto-kit-pro (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 b3c7b3526469db1bb04a5875cfcb3a1e41fe3f9c697b6d63e497a15d1177cb1b The code automatically scans the filesystem looking for BIP-39 seed phrases and data indicating private keys, and exfiltrates them --- Category: MALICIOUS - Th...
Oracle Linux 6 : python (ELSA-2026-10102)
The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-10102 advisory. 2.6.6-68.0.6 - Fix CVE-2026-4519 Orabug: 39253111 Tenable has extracted the preceding description block directly from the Oracle Linux security...
MAL-2026-3371 Malicious code in pycacheopt (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 cf50eae305079227b5283e08547cc201f941624c95e49460c3e6544cdd1e221b The extension module hides code that in specific circumstances executes given code. The malicious action is hidden only in the extension module with the...
GHSA-JP4C-XJXW-MGF9 vulnerabilities
Vulnerabilities for packages: tensorflow-cpu-jupyter, datadog-agent, kubeflow-katib, py3-pip, pypy-3.10...
MAL-2026-3370 Malicious code in sufiagent (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 f2cfd59dcec981250aeaf0633059cfd0af4d5dac6c87a1d54b9e13ce70957858 Designed to run on Android. Under the mask of an AI agent, the code downloads a remote executable on import, and during usage, silently exfiltrates data like...
MAL-2026-3367 Malicious code in crayrandomiz (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 70d147758fe5288bee2adc712e45b7836211b83ce0b209fd42a31e4b3696bbf2 Package exfiltrates screenshots and network information to a hardcoded target. --- Category: MALICIOUS - The campaign has clearly malicious intent, like...
Malicious code in yc-depconf-test-807dff (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 fe18d1e58fe7fbcd1a68dc26d47c9fa27f9678cf4bc50e3aa4ad35b16d0f85ce Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2026-3366 Malicious code in runtime-vitals (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 f5e056ef78ad47697156c0dce0819370ffc74bb450e226bfb2bf934651b5836b Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in runtime-vitals (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 f5e056ef78ad47697156c0dce0819370ffc74bb450e226bfb2bf934651b5836b Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
PyPI Packages Deliver ZiChatBot Malware via Zulip APIs on Windows and Linux
Cybersecurity researchers have discovered three packages on the Python Package Index PyPI repository that are designed to stealthily deliver a previously unknown malware family called ZiChatBot on Windows and Linux systems. "While these wheel packages do implement the features described on their...
MAL-2026-3364 Malicious code in quicklytookerv (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 eeb02e3ddf9f61661d72bac1e244227aa8b6a8a88ab1226a521cc7aa48d5da37 The package silently exfiltrates screenshots and basic data. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...