13245 matches found
MAL-2026-2280 Malicious code in roboat-additions (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 1af64a27f6bd87cbd380cb838d6c8c06696f9497c246fe348d5af1bbc17f6122 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
MAL-2026-2279 Malicious code in roboat-addition (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 ece419769280a3d6ce017d5cc460eaf49742fde83ede008765b77f3e49ff67e6 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
MAL-2026-2278 Malicious code in python-aiogram-telegram-updater (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 94b286136c318836563c0eaddf44e8d1b21f217086b444a3266d91b69ace79b8 When run, the package exfiltrates files from a cryptowallet and modifies its executable placing an implant exfiltrating passphrase later. --- Category: MALICIO...
[SECURITY] Fedora 43 Update: uv-0.10.12-1.fc43
An extremely fast Python package and project manager, written in Rust. Highlights: =E2=80=A2 A single tool to replace pip, pip-tools, pipx, poetry, pyenv, twi ne, virtualenv, and more. =E2=80=A2 10-100x faster than pip. =E2=80=A2 Provides comprehensive project management, with a universal lockf...
[SECURITY] Fedora 44 Update: uv-0.11.2-1.fc44
An extremely fast Python package and project manager, written in Rust. Highlights: =E2=80=A2 A single tool to replace pip, pip-tools, pipx, poetry, pyenv, twi ne, virtualenv, and more. =E2=80=A2 10-100x faster than pip. =E2=80=A2 Provides comprehensive project management, with a universal lockf...
[SECURITY] Fedora 44 Update: uv-0.10.12-1.fc44
An extremely fast Python package and project manager, written in Rust. Highlights: =E2=80=A2 A single tool to replace pip, pip-tools, pipx, poetry, pyenv, twi ne, virtualenv, and more. =E2=80=A2 10-100x faster than pip. =E2=80=A2 Provides comprehensive project management, with a universal lockf...
python311-intake-2.0.9-1.1 on GA media (moderate)
python311-intake-2.0.9-1.1 on GA media Announcement ID: openSUSE-SU-2026:10426-1 Rating: moderate Cross-References: CVE-2026-33310 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the...
acedeploy (>=2.4.119 <=2.4.342), adam-assist (>=0.3.4 <=0.3.9) +468 more potentially affected by CVE-2026-34073 via cryptography (>=46.0.0 <=46.0.5)
cryptography PYPI version =46.0.0, =2.4.119, =0.3.4, =0.5.0, =0.0.18, =0.1.0, =0.1.1.post72, =0.11.0, =1.0.6, =0.0.1, =1.1.2, =0.4.0, =0.7.0 - amazon-sagemaker-sql-execution =0.1.0 - amiibo-converter =0.2.0 - ansys-aedt-toolkits-common =0.2.0 and more Source cves: CVE-2026-34073 Source advisory:...
PYSEC-2026-3 Two telnyx versions published containing credential harvesting malware
After an API token exposure from an exploited Trivy dependency, two new releases of telnyx were uploaded to PyPI containing automatically activated malware, harvesting sensitive credentials and files, and exfiltrating to a remote API. Compromised versions execute code during importing the telnyx...
TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Files
TeamPCP, the threat actor behind the supply chain attack targeting Trivy, KICS, and litellm, has now compromised the telnyx Python package by pushing two malicious versions to steal sensitive data. The two versions, 4.87.1 and 4.87.2, published to the Python Package Index PyPI repository on March...
Malicious code in copytrading (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 00e18dbfb3978939790912c09da21fd43b670c4017c160002bb5fc534164e577 Clones of legitimate libraries with malicious modifications intended to download malicious remote code. The remote script allows executing arbitrary files...
MAL-2026-2273 Malicious code in trustwallet (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 ffef6e3541d5ab62ee32f0d44e9da05c6e495c15a4c9a9d9a4866e40ae502604 Clones of legitimate libraries with malicious modifications intended to download malicious remote code. The remote script allows executing arbitrary files...
Malicious code in metamask-api (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 d741c998a924aa720c19f13cbb622ebb5862abde8765dac7f8bb2cf1b219c3dc Clones of legitimate libraries with malicious modifications intended to download malicious remote code. The remote script allows executing arbitrary files...
MAL-2026-2271 Malicious code in metamask-api (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 d741c998a924aa720c19f13cbb622ebb5862abde8765dac7f8bb2cf1b219c3dc Clones of legitimate libraries with malicious modifications intended to download malicious remote code. The remote script allows executing arbitrary files...
Malicious code in claude-lite (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 3a73f0745200bef9d517a2ac5e3e69189347e0b730a0187e71c3c201accd5833 Clones of legitimate libraries with malicious modifications intended to download malicious remote code. The remote script allows executing arbitrary files...
MAL-2026-2269 Malicious code in claude-lite (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 3a73f0745200bef9d517a2ac5e3e69189347e0b730a0187e71c3c201accd5833 Clones of legitimate libraries with malicious modifications intended to download malicious remote code. The remote script allows executing arbitrary files...
MAL-2026-2268 Malicious code in gemini-ai-api (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 db2be37ea455b54b825242a3f66310fdf3f70e50b1dc1a234fa3ebb534afa857 Clones of legitimate libraries with malicious modifications intended to download malicious remote code. The remote script allows executing arbitrary files...
CVE-2026-4519 affecting package python3 for versions less than 3.9.19-20
CVE-2026-4519 affecting package python3 for versions less than 3.9.19-20. A patched version of the package is available...
Two telnyx versions published containing credential harvesting malware
After an API token exposure from an exploited Trivy dependency,two new releases of telnyx were uploaded to PyPI containing automatically activated malware,harvesting sensitive credentials and files, and exfiltrating to a remote API.Compromised versions execute code during importing the telnyx...
The Telnyx PyPI Compromise and the 2026 TeamPCP Supply Chain Attacks
...