Tag: pypi

USENIX Security ’25 (Enigma Track) Securing Packages In npm, Homebrew, PyPI, Maven Central, And RubyGems

Mar 13, 2026 10:11 PM

Tags: github, pypi

Presenter: Zach Steindler, GitHub Our thanks to USENIX Security ’25 (Enigma Track) (USENIX ’25 for publishing their Creators, Authors and Presenter’s tremendous USENIX Security ’25 (Enigma Track) (USENIX ’25 content on the Organizations’ YouTube Channel. Permalink First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/usenix-security-25-enigma-track-securing-packages-in-npm-homebrew-pypi-maven-central-and-rubygems/
Malicious npm and PyPI packages linked to Lazarus APT fake recruiter campaign

Feb 15, 2026 7:58 PM

Tags: apt, jobs, korea, lazarus, malicious, north-korea, pypi

Researchers found malicious npm and PyPI packages tied to a fake recruitment campaign linked to North Korea’s Lazarus Group. ReversingLabs researcher uncovered new malicious packages on npm and PyPI connected to a fake job recruitment campaign attributed to the North Korea-linked Lazarus Group. The campaign uses deceptive hiring themes to trick developers into downloading infected…
Lazarus Campaign Plants Malicious Packages in npm and PyPI Ecosystems

Feb 12, 2026 7:58 PM

Tags: cybersecurity, korea, lazarus, malicious, north-korea, pypi

Cybersecurity researchers have discovered a fresh set of malicious packages across npm and the Python Package Index (PyPI) repository linked to a fake recruitment-themed campaign orchestrated by the North Korea-linked Lazarus Group.The coordinated campaign has been codenamed graphalgo in reference to the first package published in the npm registry. It’s assessed to be active since…
Lazarus Group’s ‘Graphalgo’ Fake Recruiter Campaign Targets GitHub, npm, and PyPI to Spread Malware

Feb 12, 2026 8:58 AM

Tags: cyber, github, group, lazarus, malware, pypi, software, supply-chain

Lazarus Group’s latest software supply chain operation is using fake recruiter lures and popular open”‘source ecosystems to deliver malware to cryptocurrency”‘focused developers quietly. The campaign, dubbed graphalgo, abuses GitHub, npm, and PyPI to hide multi”‘stage payloads behind seemingly legitimate coding tasks and packages. Since early May 2025, attackers have been approaching JavaScript and Python developers via…
Compromised dYdX npm and PyPI Packages Deliver Wallet Stealers and RAT Malware

Feb 6, 2026 11:13 AM

Tags: attack, credentials, cybersecurity, malicious, malware, pypi, rat, supply-chain, theft

Cybersecurity researchers have discovered a new supply chain attack in which legitimate packages on npm and the Python Package Index (PyPI) repository have been compromised to push malicious versions to facilitate wallet credential theft and remote code execution.The compromised versions of the two packages are listed below -@dydxprotocol/v4-client-js (npm) – 3.4.1, 1.22.1, 1.15.2, 1.0.31& First…
Fake Python Spellchecker Packages on PyPI Delivered Hidden Remote Access Trojan

Jan 28, 2026 12:21 PM

Tags: access, cybersecurity, malicious, pypi

Cybersecurity researchers have discovered two malicious packages in the Python Package Index (PyPI) repository that masquerade as spellcheckers but contain functionality to deliver a remote access trojan (RAT).The packages, named spellcheckerpy and spellcheckpy, are no longer available for download, but not before they were collectively downloaded a little over 1,000 times.”Hidden inside the First seen…
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 81

Jan 25, 2026 4:18 PM

Tags: ai, edr, exploit, international, malware, pypi

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter UNO reverse card: stealing cookies from cookie stealers PDFSIDER Malware Exploitation of DLL Side-Loading for AV and EDR Evasion VoidLink: Evidence That the Era of Advanced AI-Generated Malware Has Begun PyPI Package Impersonates […]…
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 81

Jan 25, 2026 4:18 PM

Tags: ai, edr, exploit, international, malware, pypi

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter UNO reverse card: stealing cookies from cookie stealers PDFSIDER Malware Exploitation of DLL Side-Loading for AV and EDR Evasion VoidLink: Evidence That the Era of Advanced AI-Generated Malware Has Begun PyPI Package Impersonates […]…
Critical Chainlit AI Flaws Let Hackers Seize Control Of Cloud Environments

Jan 22, 2026 4:30 PM

Tags: ai, api, cloud, control, credentials, cve, cyber, flaw, framework, hacker, Internet, open-source, pypi, vulnerability

Zafran Labs uncovered two critical vulnerabilities in Chainlit, a popular open-source framework for building conversational AI apps. Chainlit powers internet-facing AI systems in enterprises across industries, averaging 700,000 PyPI downloads monthly. The flaws CVE-2026-22218 (arbitrary file read) and CVE-2026-22219 (SSRF) enable attackers to steal API keys, sensitive files, and cloud credentials without user interaction. Zafran…
Malicious PyPI Package Impersonates SymPy, Deploys XMRig Miner on Linux Hosts

Jan 22, 2026 12:30 PM

Tags: crypto, linux, malicious, pypi

A new malicious package discovered in the Python Package Index (PyPI) has been found to impersonate a popular library for symbolic mathematics to deploy malicious payloads, including a cryptocurrency miner, on Linux hosts.The package, named sympy-dev, mimics SymPy, replicating the latter’s project description verbatim in an attempt to deceive unsuspecting users into thinking that they…
Malicious PyPI Package Impersonates sympy-dev, Targeting Millions of Users

Jan 22, 2026 11:30 AM

Tags: attack, cyber, malicious, malware, pypi, supply-chain, tactics

A dangerous supply-chain attack targeting the Python Package Index (PyPI) that involves a malicious package named sympy-dev impersonating SymPy, one of the world’s most widely used symbolic mathematics libraries. The fraudulent package employs sophisticated typosquatting tactics and multi-stage execution to deliver cryptomining malware while avoiding detection. The malicious sympy-dev package directly copies SymPy’s official project…
2025 Threat Landscape in Review: Lessons for Businesses Moving Into 2026

Jan 15, 2026 7:51 PM

Tags: access, ai, application-security, attack, authentication, awareness, backdoor, breach, business, captcha, cloud, compliance, container, control, credentials, credit-card, cybersecurity, data, data-breach, ddos, defense, encryption, exploit, finance, firewall, flaw, google, identity, infrastructure, intelligence, leak, malicious, mitigation, monitoring, network, pypi, risk, service, software, strategy, supply-chain, threat, tool, vulnerability, windows

2025 Threat Landscape in Review: Lessons for Businesses Moving Into 2026 andrew.gertz@t“¦ Thu, 01/15/2026 – 16:48 Nadav Avital – Senior Director of Threat Research at Thales More About This Author > 2025 was a year that tested how businesses think about security. Some attacks happened in new, unexpected ways, while others employed old tricks, taken…
Legacy Python Bootstrap Scripts Create Domain-Takeover Risk in Multiple PyPI Packages

Nov 28, 2025 6:49 PM

Tags: automation, cybersecurity, pypi, risk, supply-chain, tool, vulnerability

Cybersecurity researchers have discovered vulnerable code in legacy Python packages that could potentially pave the way for a supply chain compromise on the Python Package Index (PyPI) via a domain takeover attack.Software supply chain security company ReversingLabs said it found the “vulnerability” in bootstrap files provided by a build and deployment automation tool named “zc.buildout.””The…
Malicious PyPI Package Used by Hackers to Steal Users’ Crypto Information

Nov 24, 2025 12:49 PM

Tags: access, attack, backdoor, control, crypto, cyber, cybersecurity, hacker, infrastructure, malicious, pypi, supply-chain

Cybersecurity researchers have uncovered a sophisticated supply-chain attack targeting Python developers through a malicious package distributed via the Python Package Index (PyPI). The malicious package, named >>spellcheckers,
Malicious PyPI Package Used by Hackers to Steal Users’ Crypto Information

Nov 24, 2025 12:49 PM

Tags: access, attack, backdoor, control, crypto, cyber, cybersecurity, hacker, infrastructure, malicious, pypi, supply-chain

Cybersecurity researchers have uncovered a sophisticated supply-chain attack targeting Python developers through a malicious package distributed via the Python Package Index (PyPI). The malicious package, named >>spellcheckers,
Malicious PyPI Package Used by Hackers to Steal Users’ Crypto Information

Nov 24, 2025 12:49 PM

Tags: access, attack, backdoor, control, crypto, cyber, cybersecurity, hacker, infrastructure, malicious, pypi, supply-chain

Cybersecurity researchers have uncovered a sophisticated supply-chain attack targeting Python developers through a malicious package distributed via the Python Package Index (PyPI). The malicious package, named >>spellcheckers,
Spam flooding npm registry with token stealers still isn’t under control

Nov 17, 2025 7:49 AM

Tags: access, antivirus, attack, authentication, blockchain, breach, control, credentials, crypto, detection, edr, exploit, finance, firewall, governance, identity, login, malicious, malware, mfa, monitoring, network, open-source, pypi, risk, software, spam, supply-chain, threat, tool, worm

CSO that number has now grown to 153,000.And while this payload merely steals tokens, other threat actors are paying attention, said Sonatype CTO Brian Fox.When Sonatype wrote about the campaign just over a year ago, it found a mere 15,000 packages that appeared to come from a single person.With the swollen numbers reported this week,…
Worm flooding npm registry with token stealers still isn’t under control

Nov 15, 2025 5:49 AM

Tags: access, antivirus, attack, authentication, blockchain, breach, control, credentials, crypto, detection, edr, exploit, finance, firewall, governance, identity, login, malicious, malware, mfa, monitoring, network, open-source, pypi, risk, software, supply-chain, threat, tool, worm

CSO that number has now grown to 153,000.”It’s unfortunate that the worm isn’t under control yet,” said Sonatype CTO Brian Fox.And while this payload merely steals tokens, other threat actors are paying attention, he predicted.”I’m sure somebody out there in the world is looking at this massively replicating worm and wondering if they can ride…
Rogue MCP servers can take over Cursor’s built-in browser

Nov 13, 2025 3:49 PM

Tags: access, ai, api, attack, computer, control, data, defense, github, pypi, vulnerability

Defenses: Organizations must review and control, both through policy and access controls, the IDE extensions and MCP servers their developers use. They should do this just like they should be vetting application dependencies from package registries such as npm or PyPI to prevent the compromise of developer machines or inheriting vulnerabilities in their code.Attackers are…
Modern supply-chain attacks and their real-world impact

Nov 4, 2025 9:19 AM

Tags: access, ai, apache, attack, authentication, backdoor, breach, china, control, credentials, crowdstrike, crypto, cybersecurity, data, defense, email, espionage, exploit, github, group, infection, infosec, injection, intelligence, korea, lazarus, LLM, malicious, malware, marketplace, mfa, microsoft, network, north-korea, open-source, password, phishing, pypi, qr, risk, social-engineering, software, supply-chain, tactics, theft, threat, tool, worm, zero-day

This is what modern software supply-chain attacks look like. Since the industry-shaking SolarWinds compromise of 2020, the threat landscape has changed dramatically. Early high-profile incidents targeted build servers or tampered software updates. Today’s attackers prefer a softer entry point: the humans maintaining open-source projects.In the last two years, the majority of large-scale supply-chain intrusions have…
Modern supply-chain attacks and their real-world impact

Nov 4, 2025 9:19 AM

Tags: access, ai, apache, attack, authentication, backdoor, breach, china, control, credentials, crowdstrike, crypto, cybersecurity, data, defense, email, espionage, exploit, github, group, infection, infosec, injection, intelligence, korea, lazarus, LLM, malicious, malware, marketplace, mfa, microsoft, network, north-korea, open-source, password, phishing, pypi, qr, risk, social-engineering, software, supply-chain, tactics, theft, threat, tool, worm, zero-day

This is what modern software supply-chain attacks look like. Since the industry-shaking SolarWinds compromise of 2020, the threat landscape has changed dramatically. Early high-profile incidents targeted build servers or tampered software updates. Today’s attackers prefer a softer entry point: the humans maintaining open-source projects.In the last two years, the majority of large-scale supply-chain intrusions have…
Modern supply-chain attacks and their real-world impact

Nov 4, 2025 9:19 AM

Tags: access, ai, apache, attack, authentication, backdoor, breach, china, control, credentials, crowdstrike, crypto, cybersecurity, data, defense, email, espionage, exploit, github, group, infection, infosec, injection, intelligence, korea, lazarus, LLM, malicious, malware, marketplace, mfa, microsoft, network, north-korea, open-source, password, phishing, pypi, qr, risk, social-engineering, software, supply-chain, tactics, theft, threat, tool, worm, zero-day

This is what modern software supply-chain attacks look like. Since the industry-shaking SolarWinds compromise of 2020, the threat landscape has changed dramatically. Early high-profile incidents targeted build servers or tampered software updates. Today’s attackers prefer a softer entry point: the humans maintaining open-source projects.In the last two years, the majority of large-scale supply-chain intrusions have…
Open-source security group pulls out of U.S. grant, citing DEI restrictions

Oct 29, 2025 7:26 PM

Tags: cybersecurity, group, open-source, pypi, software

The Trump administration’s zeal to stamp out diversity, equity and inclusion programs is affecting national cybersecurity research, as a key open-source security foundation announced it would reject federal grant funding. The Python Software Foundation (PSF), which promotes safe and secure Python coding practices and helps oversee PyPI, the world’s largest open-source code repository for Python,…
Open-source security group pulls out of U.S. grant, citing DEI restrictions

Oct 29, 2025 7:26 PM

Tags: cybersecurity, group, open-source, pypi, software

The Trump administration’s zeal to stamp out diversity, equity and inclusion programs is affecting national cybersecurity research, as a key open-source security foundation announced it would reject federal grant funding. The Python Software Foundation (PSF), which promotes safe and secure Python coding practices and helps oversee PyPI, the world’s largest open-source code repository for Python,…
Serious vulnerability found in Rust library

Oct 23, 2025 5:26 AM

Tags: advisory, attack, backup, container, control, data, email, exploit, flaw, incident response, infection, infosec, linux, malicious, open-source, pypi, radius, remote-code-execution, rust, software, supply-chain, unauthorized, update, vulnerability

async-tar Rust library. And not only is it in this library, but also in its many forks, including the widely used tokio-tar.”In the worst-case scenario, this vulnerability has a severity of 8.1 (High) and can lead to Remote Code Execution (RCE) through file overwriting attacks, such as replacing configuration files or hijacking build backends,” the researchers say…
npm, PyPI, and RubyGems Packages Found Sending Developer Data to Discord Channels

Oct 14, 2025 10:23 AM

Tags: authentication, breach, control, cybersecurity, data, malicious, pypi

Cybersecurity researchers have identified several malicious packages across npm, Python, and Ruby ecosystems that leverage Discord as a command-and-control (C2) channel to transmit stolen data to actor-controlled webhooks.Webhooks on Discord are a way to post messages to channels in the platform without requiring a bot user or authentication, making them an attractive mechanism for attackers…
npm, PyPI, and RubyGems Packages Found Sending Developer Data to Discord Channels

Oct 14, 2025 10:23 AM

Tags: authentication, breach, control, cybersecurity, data, malicious, pypi

Cybersecurity researchers have identified several malicious packages across npm, Python, and Ruby ecosystems that leverage Discord as a command-and-control (C2) channel to transmit stolen data to actor-controlled webhooks.Webhooks on Discord are a way to post messages to channels in the platform without requiring a bot user or authentication, making them an attractive mechanism for attackers…
Threat Actors Exploit Discord Webhooks for C2 via npm, PyPI, and Ruby Packages

Oct 12, 2025 6:24 PM

Tags: control, cyber, data, exploit, open-source, pypi, threat

Threat actors are increasingly abusing Discord webhooks as covert command-and-control (C2) channels inside open-source packages, enabling stealthy exfiltration of secrets, host telemetry, and developer environment data without standing up bespoke infrastructure. Socket’s Threat Research Team has documented active abuse across npm, PyPI, and RubyGems, where hard-coded Discord webhook URLs act as write-only sinks to siphon…
Alert: Malicious PyPI Package soopsocks Infects 2,653 Systems Before Takedown

Oct 2, 2025 4:41 PM

Tags: backdoor, cybersecurity, malicious, pypi, service, windows

Cybersecurity researchers have flagged a malicious package on the Python Package Index (PyPI) repository that claims to offer the ability to create a SOCKS5 proxy service, while also providing a stealthy backdoor-like functionality to drop additional payloads on Windows systems.The deceptive package, named soopsocks, attracted a total of 2,653 downloads before it was taken down.…
Alert: Malicious PyPI Package soopsocks Infects 2,653 Systems Before Takedown

Oct 2, 2025 4:41 PM

Tags: backdoor, cybersecurity, malicious, pypi, service, windows

Cybersecurity researchers have flagged a malicious package on the Python Package Index (PyPI) repository that claims to offer the ability to create a SOCKS5 proxy service, while also providing a stealthy backdoor-like functionality to drop additional payloads on Windows systems.The deceptive package, named soopsocks, attracted a total of 2,653 downloads before it was taken down.…