
13257 matches found

OSSF Malicious Packages
added 2025/08/20 3:39 p.m., 4 views

Malicious code in noonutil (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 98fa038a694e6d6093bffd74d004ed294a314282441904ee8d0b7234c082ef33 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

7.3 AI score
Exploits: 0, References: 1
OSV
added 2025/08/20 3:39 p.m., 3 views

MAL-2025-47788 Malicious code in noonutil (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 98fa038a694e6d6093bffd74d004ed294a314282441904ee8d0b7234c082ef33 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

7.2 AI score
Exploits: 0, References: 1
OSV
added 2025/08/20 10:58 a.m., 3 views

MAL-2025-47777 Malicious code in k7eel (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 83c1a6d9a050eb6c1ea689f9b98e7b7028c246c7aaf70626527025eb70fb670e Importing the module downloads and executes widely recognized malware --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers...

7 AI score
Exploits: 0, References: 4
OSSF Malicious Packages
added 2025/08/20 10:58 a.m., 4 views

Malicious code in k7eel (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 83c1a6d9a050eb6c1ea689f9b98e7b7028c246c7aaf70626527025eb70fb670e Importing the module downloads and executes widely recognized malware --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers...

7.1 AI score
Exploits: 0, References: 4
OSSF Malicious Packages
added 2025/08/19 4:5 p.m., 4 views

Malicious code in tronwalletpy (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 56511b34963408835ce65f2e9e6cce2ae79f95902e1a4cea9fb2577e0c737d63 Package appears to be designed for private key exfiltration, but no known usage. The name appears to be related to the cryptocurrency TRX Tron / Tronix. Some...

6.9 AI score
Exploits: 0, References: 2
OSV
added 2025/08/19 4:5 p.m., 3 views

MAL-2025-47809 Malicious code in tronwalletpy (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 56511b34963408835ce65f2e9e6cce2ae79f95902e1a4cea9fb2577e0c737d63 Package appears to be designed for private key exfiltration, but no known usage. The name appears to be related to the cryptocurrency TRX Tron / Tronix. Some...

6.8 AI score
Exploits: 0, References: 2
vulnersOsv
added 2025/08/19 2:42 p.m., 4 views

trinity-rft (>=0.1.0 <=0.1.1) potentially affected by CVE-2025-50461 via verl (=0.3.0.post1)

verl PYPI version =0.3.0.post1 is affected by a known vulnerability. The following packages have a transitive dependency on verl and may be impacted: - trinity-rft =0.1.0, =0.1.1 Source cves: CVE-2025-50461 Source advisory: SNYK:PYTHON-VERL-12027893...

6.5 CVSS, 5.8 AI score, 0.00462 EPSS
Exploits: 1
The Hacker News
added 2025/08/19 6:36 a.m., 9 views

PyPI Blocks 1,800 Expired-Domain Emails to Prevent Account Takeovers and Supply Chain Attacks

The maintainers of the Python Package Index PyPI repository have announced that the package manager now checks for expired domains to prevent supply chain attacks. "These changes improve PyPI's overall account security posture, making it harder for attackers to exploit expired domain names to gai...

8.1 AI score
Exploits: 0
OSSF Malicious Packages
added 2025/08/19 5:47 a.m., 7 views

Malicious code in caas-jupyter-tools (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 48a472c7cfbdf9c730e06e827de93f0566895c78f6b1130ec814a31958409d94 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

7.3 AI score
Exploits: 0, References: 1
OSV
added 2025/08/19 5:47 a.m., 7 views

MAL-2025-191697 Malicious code in caas-jupyter-tools (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 48a472c7cfbdf9c730e06e827de93f0566895c78f6b1130ec814a31958409d94 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

7.2 AI score
Exploits: 0, References: 1
Fedora
added 2025/08/19 4:16 a.m., 8 views

[SECURITY] Fedora 42 Update: uv-0.8.8-1.fc42

An extremely fast Python package installer and resolver, written in Rust. Designed as a drop-in replacement for common pip and pip-tools workflows. Highlights: • ⚖️ Drop-in replacement for common pip, pip-tools, and virtualenv commands. • ⚡️ 10-100x...

6.8 CVSS, 6.1 AI score, 0.00183 EPSS
Exploits: 0
Oracle linux
added 2025/08/19 12:0 a.m., 7 views

python-zipp security update

3.20.1-2 - Make package buildable for epel=9 3.20.1-1 - Update to 3.20.1 rhbz2307990 3.20.0-1 - Update to 3.20.0 rhbz2304028 3.19.2-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora41MassRebuild 3.19.2-2 - Rebuilt for Python 3.13 3.19.2-1 - Update to 3.19.2 rhbz2290429 3.19.1-1 - Update to...

6.2 CVSS, 7.4 AI score, 0.00236 EPSS
Exploits: 0
OSSF Malicious Packages
added 2025/08/18 7:44 p.m., 6 views

Malicious code in binance-sdk-ebate (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 43db9ff01b53b59066c74bb7571e281c1364444174851bd25c272e8fd7f3f503 Example of typosquatting package, with rather safe using localhost as exfiltration target. Package targets a typo in the Binance documentation:...

7.5 AI score
Exploits: 0, References: 1
OSV
added 2025/08/18 7:44 p.m., 4 views

MAL-2025-47747 Malicious code in binance-sdk-ebate (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 43db9ff01b53b59066c74bb7571e281c1364444174851bd25c272e8fd7f3f503 Example of typosquatting package, with rather safe using localhost as exfiltration target. Package targets a typo in the Binance documentation:...

7.3 AI score
Exploits: 0, References: 1
OSSF Malicious Packages
added 2025/08/18 6:31 p.m., 5 views

Malicious code in flatfox-api-python (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a81db9eb6d8c8eb51eecf49610e1282097b77630ccb58b6eef3e2f002e5fe0e2 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

7.5 AI score
Exploits: 0, References: 1
OSV
added 2025/08/18 6:31 p.m., 7 views

MAL-2025-6973 Malicious code in flatfox-api-python (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a81db9eb6d8c8eb51eecf49610e1282097b77630ccb58b6eef3e2f002e5fe0e2 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

7.4 AI score
Exploits: 0, References: 1
OSSF Malicious Packages
added 2025/08/18 4:25 p.m., 3 views

Malicious code in svcmanagement (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 7b2d49c3d45535d0e8d20f097496169af472ef9fe2612c83823102820542590e Package attempts to download an executable and install it as a privileged service. The executable seems to be modified remote access tool --- Category: MALICIO...

6.9 AI score
Exploits: 0, References: 2
OSV
added 2025/08/18 4:25 p.m., 2 views

MAL-2025-47801 Malicious code in svcmanagement (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 7b2d49c3d45535d0e8d20f097496169af472ef9fe2612c83823102820542590e Package attempts to download an executable and install it as a privileged service. The executable seems to be modified remote access tool --- Category: MALICIO...

6.8 AI score
Exploits: 0, References: 2
The Hacker News
added 2025/08/18 10:56 a.m., 8 views

Malicious PyPI and npm Packages Discovered Exploiting Dependencies in Supply Chain Attacks

Cybersecurity researchers have discovered a malicious package in the Python Package Index PyPI repository that introduces malicious behavior through a dependency that allows it to establish persistence and achieve code execution. The package, named termncolor, realizes its nefarious functionalit...

7.7 AI score
Exploits: 0
OSV
added 2025/08/18 3:20 a.m., 3 views

MAL-2025-6897 Malicious code in swiv (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 945d4a5f54e77ae66588b5b64aa30eb2627903bffcb72a3031b9c4b6b2122b43 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

7.2 AI score
Exploits: 0, References: 1