13243 matches found
MAL-2026-5545 Malicious code in acme-widget-layout-utils (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ff800752007d4e55ddc8172e04c8d75ac04d61b499cc58d97f016cd34d70d6c4 On import, src/acmewidgetlayoututils/init.py executes a textbook reverse-shell pattern: it opens a TCP socket, duplicates the socket file descriptor...
Malicious code in acme-widget-layout-utils (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ff800752007d4e55ddc8172e04c8d75ac04d61b499cc58d97f016cd34d70d6c4 On import, src/acmewidgetlayoututils/init.py executes a textbook reverse-shell pattern: it opens a TCP socket, duplicates the socket file descriptor...
OPENSUSE-SU-2026:11003-1 python313-Django6-6.0.6-1.1 on GA media
These are all security issues fixed in the python313-Django6-6.0.6-1.1 package on the GA media of openSUSE Tumbleweed...
Malicious code in icinga (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fbedb312e9cfe0f5cc7783487adc963f142ebcaefa0fb9305a9a535f373b052d PyPI package 'icinga' at version 99.1.0 is a dependency-confusion / typosquat lure against the Icinga monitoring project. It ships no real...
MAL-2026-5531 Malicious code in telegramlite (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 be464abbf0e3f375f4865ac2802a6b6d96e7af1ce30984d84f464470cdef17dd Package exfiltrates data from the Telegram application to a remote location, effectively collecting Telegram sessions. --- Category: MALICIOUS - The campaign h...
MAL-2026-5518 Malicious code in hello-dynamic (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 168dd7abca8ed812dcfb0119eaf80a2b05b186ee37a1e0c8f98e88f884a90602 Package attempts to test exploitation via legacy dependencylinks configuration --- Category: PROBABLYPENTEST - Packages looking like typical pentest packages,...
Malicious code in hello-dynamic (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 168dd7abca8ed812dcfb0119eaf80a2b05b186ee37a1e0c8f98e88f884a90602 Package attempts to test exploitation via legacy dependencylinks configuration --- Category: PROBABLYPENTEST - Packages looking like typical pentest packages,...
MAL-2026-5519 Malicious code in requests-toolbelt-plus (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 38c64ca050de4910f56bc4a652890b0a378082859cb62153762c6ae08b4b8eae The package impersonates the popular requests-toolbelt library but ships an empty requeststoolbeltplus/init.py and places its real logic in setup.py...
Malicious code in requests-toolbelt-plus (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 38c64ca050de4910f56bc4a652890b0a378082859cb62153762c6ae08b4b8eae The package impersonates the popular requests-toolbelt library but ships an empty requeststoolbeltplus/init.py and places its real logic in setup.py...
Malicious code in bittensor-emission-tracker (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ca5db94f9840938f43eca692c1176b72bbd94a2f86a694c3293853f39b886a2f The package advertises Bittensor subnet burn-rate monitoring but ships a Cython-compiled darwin.so core.cpython-310-darwin.so containing an...
MAL-2026-5457 Malicious code in tao-subnet-metrics (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e068049248bc5c0b4fc56cb68f5453aedf6d6cb494df9d8bba82ccc2da3eb3ad Package advertises itself as a Bittensor TAO subnet burn-rate Telegram alert tool, but the compiled extension...
Malicious code in ultimate-ai-power (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 90499eb8f54fcc67c067ef7d5397153b4abfc5bbca9d96e7deb291152f49ed3f On import ultimateaipower, the package's top-level init.py collects the local username getpass.getuser and resolved host IP socket.gethostbyname and...
MAL-2026-5458 Malicious code in ultimate-ai-power (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 90499eb8f54fcc67c067ef7d5397153b4abfc5bbca9d96e7deb291152f49ed3f On import ultimateaipower, the package's top-level init.py collects the local username getpass.getuser and resolved host IP socket.gethostbyname and...
Malicious code in dstill (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 698645f1cbbe41dbe7b65f3cf373ed38f59cb59ca9cc0bb25bd9d175114f1762 On import spaysdata, init.py invokes mainentry which executes a multi-stage Windows infostealer with no relation to the package's advertised purpose ...
Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer
The Miasma supply chain campaign has sparked a fresh attack wave called Hades , this time involving 37 malicious wheel artifacts across 19 packages in the Python Package Index PyPI registry, as the Mini Shai-Hulud-style attacks continue to be refined and splintered to target specific ecosystems...
Malicious code in xfoofoox (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 94e46dfacc8ffb015e2258d96dedda0eebb7118144ace7021794c88b319ade14 During import, the package starts a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...
MAL-2026-5337 Malicious code in solana-web3 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4967ebad2d1f4f5802ef50f1d399c05c4dfab94a208079695570b15ffef0fdd2 On import, solana-web3/init.py executes a credential-stealer payload. After a sandbox-evasion gate checks for 12-hex Docker hostname, /.dockerenv, an...
MAL-2026-5335 Malicious code in xfoobar (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 a54c1c17d20a069af19c48751aada9e426bcbf55484c360cf21ac70f35d3d0dd During import, the package starts a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...
Malicious code in spaysrbx (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d4bae51ef6cd61eb9bfc38ac2d8dd8ad1f38d22c4e55b8ccdfc53cd2ed94076f On import spaysdata, the package's init.py invokes mainentry in spaysdata/main.py, which performs three attacker-benefit actions automatically: 1 rea...
Malicious code in xforpy (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 6ebd6a0497e01ef631a2c357263bd1af23d88e8d9a9ae46fe39110571949198c During import, the package starts a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...