MAL-2026-1144 Malicious code in roku-aihub (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 19b48d460fde1b6b9802a2f2b7d93928f89b0474235adc54553971ed4575e5df Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

ailingo (>=0.2.0 <=0.4.0), async-scrape (>=0.1.19 <=0.1.20) +30 more potentially affected by CVE-2026-28348 via lxml-html-clean (>=0.1.0 <=0.4.3)

lxml-html-clean PYPI version =0.1.0, =0.2.0, =0.1.19, =0.3.1, =0.0.550, =0.1.0, =0.0.7, =0.2.0, =2.2.16, =0.9.0, =0.0.9, =0.6.0, =0.2.0, =0.2.3 and more Source cves: CVE-2026-28348 Source advisory: OSV:GHSA-HW26-MMPG-FQFG...

MAL-2026-1140 Malicious code in heimdal-credentials (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 44b549b64558430b61d35bb2eb2cfcf8ec15d75bacb38af8f34deafe5d6add2c During import, only in specific environments, a module containing code disguised as telemetry is imported. This code then exfiltrates sensitive environment...

MAL-2026-1143 Malicious code in wisecloudsecrets (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e4ed4357b3e8038ef404e043cc63aafe6484b20d94267c4f024a27d840a4a2fc During import, only in specific environments, a module containing code disguised as telemetry is imported. This code then exfiltrates sensitive environment...

SUSE: Security Advisory (SUSE-SU-2026:0664-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Malicious code in botbooster (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 0ac97422a8ea78df8c5538d0dbada7aad5720510773f1855cf5e4b5a9cbc56cb When using the provided function, code exfiltrates the sensitive token from local settings.json to the hardcoded location. --- Category: MALICIOUS - The campai...

MAL-2026-1097 Malicious code in botbooster (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 0ac97422a8ea78df8c5538d0dbada7aad5720510773f1855cf5e4b5a9cbc56cb When using the provided function, code exfiltrates the sensitive token from local settings.json to the hardcoded location. --- Category: MALICIOUS - The campai...

MAL-2026-1092 Malicious code in jwrincident (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ad20c4d6c73e649f0907879ef431132bb1566c890b55d8c5933abc09e10085fd During installation, the package starts a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...

Malicious code in bladebit (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f415139e8d21831bbadeb09351ae32306980ae4de3692fc6cafc1d72c2b99e28 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

OESA-2026-1445 python-pip security update

pip is the package installer for Python. You can use pip to install packages from the Python Package Index and other indexes. %global bashcompdir %b=$pkg-config --variable=completionsdir bash-completion 2/dev/null; echo $b:-/bashcompletion.d Name: python-pip Version: 23.3.1 Release: 6 Summary: A...

MAL-2026-1085 Malicious code in ctf-toolkit (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e47981485066b674150cc4d9d3709e41707e69111f188e54e772becc7349ab89 The package states to contain a modified curl library to allow low-level request modifications. However, there is also undisclosed malicious behavior: 1. The...

[SECURITY] Fedora 42 Update: python3.9-3.9.25-6.fc42

Python 3.9 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.9, see other distributions that support it, such as CentOS or RHEL or older Fedo...

MAL-2026-1064 Malicious code in cicd-ppe-redteam-test02 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 14adb6733ca8f958770b9766a7f255fbd8562886dce3b42cee772eac50e52d0f Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

MAL-2026-1063 Malicious code in cicd-ppe-redteam-test01 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 5ff0b643e9e96817244b6499fdbcfd26b6c26cf366980909a6461e4c15b389fd Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in edx-salesforce (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c4ffac16b09d8312b28d4f65cd3d0f49ecccca9de9d7bbdac0aed694b28949b7 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious Package

Overview polyclawd is a malicious package. that utilizes typosquatting to infiltrate developer environments via PyPI. Once installed, it executes obfuscated payloads designed to harvest sensitive data, including environment variables, cloud credentials, and SSH keys. This stolen information is...

Malicious Package

Overview clawdist is a malicious package. that utilizes typosquatting to infiltrate developer environments via PyPI. Once installed, it executes obfuscated payloads designed to harvest sensitive data, including environment variables, cloud credentials, and SSH keys. This stolen information is...

Malicious Package

Overview polyutil is a malicious package. that utilizes typosquatting to infiltrate developer environments via PyPI. Once installed, it executes obfuscated payloads designed to harvest sensitive data, including environment variables, cloud credentials, and SSH keys. This stolen information is...

Malicious Package

Overview magichat is a malicious package. that utilizes typosquatting to infiltrate developer environments via PyPI. Once installed, it executes obfuscated payloads designed to harvest sensitive data, including environment variables, cloud credentials, and SSH keys. This stolen information is...

MAL-2026-1035 Malicious code in neural-compressor-jax (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 bb1f58a45ef1a06954d1807517faea8790a771906e95a98d571587558244ea3f Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...