
13250 matches found

OSV
added 2026/02/14 1:26 p.m. | 2 views

MAL-2026-902 Malicious code in crc32fast (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3b89c674974bf58c7388a27bf1c6ea954a890de45a3e9ba4830c1eada3a3ea6a Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.9 AI score
Exploits 0 | References 1

OSV
added 2026/02/14 12:29 p.m. | 7 views

MAL-2026-901 Malicious code in platforms (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 152f27ebcd7a8c662ffcbfe69086e0a50e71f73993bc7d97ce3bb67896c8a4dc During importing, the code automatically starts a Telegram bot designed to download and save files locally upon a specific message in the channel. While this...

5.7 AI score
Exploits 0 | References 1

OSSF Malicious Packages
added 2026/02/13 5:22 p.m. | 7 views

Malicious code in troncloud (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 8c123c7a348b5856fcedbadf1312d14b224c100c7138bfeeb3eff610fbf9dc12 Package appears to be designed for private key exfiltration, but no known usage. The name appears to be related to the cryptocurrency TRX Tron / Tronix. Some...

5.5 AI score
Exploits 0 | References 2

OSV
added 2026/02/13 5:22 p.m. | 8 views

MAL-2026-894 Malicious code in troncloud (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 8c123c7a348b5856fcedbadf1312d14b224c100c7138bfeeb3eff610fbf9dc12 Package appears to be designed for private key exfiltration, but no known usage. The name appears to be related to the cryptocurrency TRX Tron / Tronix. Some...

5.5 AI score
Exploits 0 | References 2

OSSF Malicious Packages
added 2026/02/13 10:35 a.m. | 8 views

Malicious code in acpi-tables (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 7388183e13e400f894ed9f6f93e05049f6f4719b1610d7c26a8b52bf88901266 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.8 AI score
Exploits 0 | References 1

OSV
added 2026/02/13 12:00 a.m. | 2 views

OPENSUSE-SU-2026:10200-1 python310-3.10.19-4.1 on GA media

These are all security issues fixed in the python310-3.10.19-4.1 package on the GA media of openSUSE Tumbleweed...

6 CVSS | 7.1 AI score | 0.0055 EPSS
Exploits 0 | References 6

Tenable Nessus
added 2026/02/13 12:00 a.m. | 4 views

MiracleLinux 8 : python3.12-3.12.12-2.el8_10 (AXSA:2026-167:07)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-167:07 advisory. cpython: Excessive read buffering DoS in http.client CVE-2025-13836 Tenable has extracted the preceding description block directly from the MiracleLinux...

7.5 CVSS | 7.3 AI score | 0.01468 EPSS
Exploits 0 | References 2

OSV
added 2026/02/12 11:27 p.m. | 6 views

MAL-2026-874 Malicious code in google-search-result (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 7ada4db6050e81933dbf7a82d659e0793c79b0b8f771b3175b5ef4668563238a Generic campaign for all likely research / pentests, where the amount or art of collected data raises questions about the privacy, security and ethical side. -...

5.8 AI score
Exploits 0 | References 1

The Hacker News
added 2026/02/12 4:55 p.m. | 10 views

Lazarus Campaign Plants Malicious Packages in npm and PyPI Ecosystems

Cybersecurity researchers have discovered a fresh set of malicious packages across npm and the Python Package Index PyPI repository linked to a fake recruitment-themed campaign orchestrated by the North Korea-linked Lazarus Group. The coordinated campaign has been codenamed graphalgo in reference...

5.9 AI score
Exploits 0

vulnersOsv
added 2026/02/12 4:16 p.m. | 4 views

ayy (>=0.1.6 <=0.1.8), camel-database-agent (>=0.1.0 <=0.2.0) +19 more potentially affected by CVE-2026-26217 via crawl4ai (>=0.3.5 <=0.7.8)

crawl4ai PYPI version =0.3.5, =0.1.6, =0.1.0, =0.2.0, =0.0.38, =0.1.0, =0.1.0, =0.1.0, =0.1.7.4 and more Source cves: CVE-2026-26217 Source advisory: OSV:PYSEC-2026-34...

9.2 CVSS | 5.8 AI score | 0.00609 EPSS
Exploits 0

vulnersOsv
added 2026/02/12 4:16 p.m. | 4 views

ayy (>=0.1.6 <=0.1.8), camel-database-agent (>=0.1.0 <=0.2.0) +19 more potentially affected by CVE-2026-26216 via crawl4ai (>=0.3.5 <=0.7.8)

crawl4ai PYPI version =0.3.5, =0.1.6, =0.1.0, =0.2.0, =0.0.38, =0.1.0, =0.1.0, =0.1.0, =0.1.7.4 and more Source cves: CVE-2026-26216 Source advisory: OSV:PYSEC-2026-33...

10 CVSS | 5.8 AI score | 0.01589 EPSS
Exploits 0

OSSF Malicious Packages
added 2026/02/12 12:10 p.m. | 9 views

Malicious code in b10connoisseur (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3b004210d186f2b625699f4d863f3ba95407f836eadfee0168be63f85124b5b7 During installation, package attempts to enumerate the environment and exfiltrates potentially sensitive data to a hardcoded location. --- Category: MALICIOUS ...

6 AI score
Exploits 0 | References 1

OSV
added 2026/02/12 12:10 p.m. | 6 views

MAL-2026-870 Malicious code in b10connoisseur (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3b004210d186f2b625699f4d863f3ba95407f836eadfee0168be63f85124b5b7 During installation, package attempts to enumerate the environment and exfiltrates potentially sensitive data to a hardcoded location. --- Category: MALICIOUS ...

6 AI score
Exploits 0 | References 1

OSSF Malicious Packages
added 2026/02/12 8:03 a.m. | 11 views

Malicious code in oraceldb (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 723248915f1acb6de7c5bed00d0d554ced6b8cd6359d79436c8ab02f49f18360 Package is a typosquatting or dependency confusion attempt with a low-harm local-only action, like leaving a flag file. --- Category: PROBABLYPENTEST - Package...

5.9 AI score
Exploits 0 | References 1

OSV
added 2026/02/12 7:55 a.m. | 4 views

MAL-2026-868 Malicious code in pydantics (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 dda36b358c57e79abf804d53d4750cf2836f930b07aa524c0b5c4d231d92143f Package is a typosquatting or dependency confusion attempt with a low-harm local-only action, like leaving a flag file. --- Category: PROBABLYPENTEST - Package...

5.9 AI score
Exploits 0 | References 1

OSSF Malicious Packages
added 2026/02/12 7:10 a.m. | 7 views

Malicious code in marshmellow (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 dbf6f50353e6489a831a2575831b93fd5f99a9cbd60cc30260fd13838beda73f Package is a typosquatting or dependency confusion attempt with a low-harm local-only action, like leaving a flag file. --- Category: PROBABLYPENTEST - Package...

5.9 AI score
Exploits 0 | References 1

OSV
added 2026/02/12 5:30 a.m. | 5 views

MAL-2026-946 Malicious code in lala6992 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 03f1d0663411a521e65c618865d7a6e362db8597306c4c8c41d6226292ca7854 The OpenSSF Package Analysis project identified 'lala6992' @ 1.0.0 pypi as malicious. It is considered malicious because: - The package executes...

5.5 AI score
Exploits 0

OSSF Malicious Packages
added 2026/02/12 12:01 a.m. | 9 views

Malicious code in get-incorrect-name-bob (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 5cb10edcf75f6463de2adaa0a621cf5fb215b5431a87d36a3b94e1910fb774ab While disguised as a dummy MCP server, the only real functionality is exfiltrating hostname on importing. --- Category: PROBABLYPENTEST - Packages looking like...

5.8 AI score
Exploits 0 | References 1

OSV
added 2026/02/12 12:01 a.m. | 5 views

MAL-2026-862 Malicious code in get-incorrect-name-bob (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 5cb10edcf75f6463de2adaa0a621cf5fb215b5431a87d36a3b94e1910fb774ab While disguised as a dummy MCP server, the only real functionality is exfiltrating hostname on importing. --- Category: PROBABLYPENTEST - Packages looking like...

5.8 AI score
Exploits 0 | References 1

OSV
added 2026/02/11 3:50 p.m. | 5 views

MAL-2026-860 Malicious code in osopackagepy (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 999886fcc5bada14ab742719f34eef0d929a1319b6011060b7e13e1598c292f0 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.8 AI score
Exploits 0 | References 1