9169 matches found
MAL-2025-47757 Malicious code in discordext (PyPI)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in btcli (PyPI)
--- -= Per source details. Do not edit below this line.=-...
[SECURITY] Fedora 41 Update: python-pip-24.2-3.fc41
pip is a package management system used to install and manage software packag es written in Python. Many packages can be found in the Python Package Index PyPI. pip is a recursive acronym that can stand for either "Pip Installs Packages" or "Pip Installs Python"...
Malicious code in tronhexpy (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 87c2e19fbf3db867f8f5e0103196bcfa8e7b76e1b48431ade425fceaa6f7d86f Package appears to be designed for private key exfiltration, but no known usage. The name appears to be related to the cryptocurrency TRX Tron / Tronix. Some...
PSF Warns of Fake PyPI Login Site Stealing User Credentials
The Python Software Foundation PSF warns developers of phishing emails leading to a fake PyPI login site designed to steal account credentials...
Malicious code in final-osint (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 e4fd0b958714b427b2b2c39e7afd8134f71fae10467ce32d52cffeb74ec716c2 Importing the module starts an infostealer exfiltrating e.g. browser data --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealer...
MAL-2025-48891 Malicious code in final-osint (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 e4fd0b958714b427b2b2c39e7afd8134f71fae10467ce32d52cffeb74ec716c2 Importing the module starts an infostealer exfiltrating e.g. browser data --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealer...
MAL-2025-47510 Malicious code in vielcord (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 4663c6d9af6fa1feac7fd1719e4ff1a729bc8297eec7ce927a13804d475d2c8b During the execution, the package silently download and runs a JAR not related to the package job. At the time of analysis, the content was corrupted ---...
MAL-2025-48889 Malicious code in cugraph-service-server (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 82f912f9abcdf4498f41f9d9a0b1667f0a81b7fdb1a7f4f850923223474647e6 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in tronhex (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 4c2eceb463098204e7a3b3cdce61c4933a4a8b486578f6a3cc64f593ae11e064 Package appears to be designed for private key exfiltration, but no known usage. The name appears to be related to the cryptocurrency TRX Tron / Tronix. Some...
MAL-2025-48903 Malicious code in tronhex (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 4c2eceb463098204e7a3b3cdce61c4933a4a8b486578f6a3cc64f593ae11e064 Package appears to be designed for private key exfiltration, but no known usage. The name appears to be related to the cryptocurrency TRX Tron / Tronix. Some...
colander
This is a Python library for deserialization and validation of data structures composed of strings, mappings, and lists. It is a package that can be used to serialize an arbitrary data structure to a data structure composed of strings, mappings, and lists, and to deserialize and validate a data...
MAL-2025-48911 Malicious code in yuzo (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 deb22bdfdecb739735dd50a5e0e2fe8329ee260b7236db8112629d7516d081d4 Package contains an infostealer and is clearly prepared for using it. Different versions present different variations, newer are based on CStealer. The...
Malicious code in suyo (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 c9b3fe60a21600a82fb46e53eeaf8e62998a5851821b70aac4b31433e79349d4 Package contains an infostealer and is clearly prepared for using it. Different versions present different variations, newer are based on CStealer. The...
MAL-2025-48898 Malicious code in suyo (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 c9b3fe60a21600a82fb46e53eeaf8e62998a5851821b70aac4b31433e79349d4 Package contains an infostealer and is clearly prepared for using it. Different versions present different variations, newer are based on CStealer. The...
Malicious code in termncolor (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security bdc043b163e4ec6acada5d376a6a7becb3bba51c2b25307833500ec9fd8e1c4f This package is malicious and allows an attack remote code execution on Windows and Linux machines. The package termncolor uses colorinal ...
MAL-2025-47451 Malicious code in colorinal (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security aac66e0b739a7c06226108da151ee90cc6b406fcf287093e3ca4da4f5eebf79e This package is malicious and allows an attack remote code execution on Windows and Linux machines. The package termncolor uses colorinal ...
SilentSync RAT Delivered via Two Malicious PyPI Packages Targeting Python Developers
Cybersecurity researchers have discovered two new malicious packages in the Python Package Index PyPI repository that are designed to deliver a remote access trojan called SilentSync on Windows systems. "SilentSync is capable of remote command execution, file exfiltration, and screen capturing,"...
[SECURITY] Fedora 42 Update: python-pip-24.3.1-5.fc42
pip is a package management system used to install and manage software packag es written in Python. Many packages can be found in the Python Package Index PyPI. pip is a recursive acronym that can stand for either "Pip Installs Packages" or "Pip Installs Python"...
Malicious code in tronkeeppy (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 415a91c7ce521e9bd46c6e7343acc641436614a73a056c5663496697e4399825 Package appears to be designed for private key exfiltration, but no known usage. The name appears to be related to the cryptocurrency TRX Tron / Tronix. Some...