Tag: pypi

Fake Python Spellchecker Packages on PyPI Delivered Hidden Remote Access Trojan

Jan 28, 2026 12:21 PM

Tags: access, cybersecurity, malicious, pypi

Cybersecurity researchers have discovered two malicious packages in the Python Package Index (PyPI) repository that masquerade as spellcheckers but contain functionality to deliver a remote access trojan (RAT).The packages, named spellcheckerpy and spellcheckpy, are no longer available for download, but not before they were collectively downloaded a little over 1,000 times.”Hidden inside the First seen…
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 81

Jan 25, 2026 4:18 PM

Tags: ai, edr, exploit, international, malware, pypi

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter UNO reverse card: stealing cookies from cookie stealers PDFSIDER Malware Exploitation of DLL Side-Loading for AV and EDR Evasion VoidLink: Evidence That the Era of Advanced AI-Generated Malware Has Begun PyPI Package Impersonates […]…
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 81

Jan 25, 2026 4:18 PM

Tags: ai, edr, exploit, international, malware, pypi

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter UNO reverse card: stealing cookies from cookie stealers PDFSIDER Malware Exploitation of DLL Side-Loading for AV and EDR Evasion VoidLink: Evidence That the Era of Advanced AI-Generated Malware Has Begun PyPI Package Impersonates […]…
Critical Chainlit AI Flaws Let Hackers Seize Control Of Cloud Environments

Jan 22, 2026 4:30 PM

Tags: ai, api, cloud, control, credentials, cve, cyber, flaw, framework, hacker, Internet, open-source, pypi, vulnerability

Zafran Labs uncovered two critical vulnerabilities in Chainlit, a popular open-source framework for building conversational AI apps. Chainlit powers internet-facing AI systems in enterprises across industries, averaging 700,000 PyPI downloads monthly. The flaws CVE-2026-22218 (arbitrary file read) and CVE-2026-22219 (SSRF) enable attackers to steal API keys, sensitive files, and cloud credentials without user interaction. Zafran…
Malicious PyPI Package Impersonates SymPy, Deploys XMRig Miner on Linux Hosts

Jan 22, 2026 12:30 PM

Tags: crypto, linux, malicious, pypi

A new malicious package discovered in the Python Package Index (PyPI) has been found to impersonate a popular library for symbolic mathematics to deploy malicious payloads, including a cryptocurrency miner, on Linux hosts.The package, named sympy-dev, mimics SymPy, replicating the latter’s project description verbatim in an attempt to deceive unsuspecting users into thinking that they…
Malicious PyPI Package Impersonates sympy-dev, Targeting Millions of Users

Jan 22, 2026 11:30 AM

Tags: attack, cyber, malicious, malware, pypi, supply-chain, tactics

A dangerous supply-chain attack targeting the Python Package Index (PyPI) that involves a malicious package named sympy-dev impersonating SymPy, one of the world’s most widely used symbolic mathematics libraries. The fraudulent package employs sophisticated typosquatting tactics and multi-stage execution to deliver cryptomining malware while avoiding detection. The malicious sympy-dev package directly copies SymPy’s official project…
2025 Threat Landscape in Review: Lessons for Businesses Moving Into 2026

Jan 15, 2026 7:51 PM

Tags: access, ai, application-security, attack, authentication, awareness, backdoor, breach, business, captcha, cloud, compliance, container, control, credentials, credit-card, cybersecurity, data, data-breach, ddos, defense, encryption, exploit, finance, firewall, flaw, google, identity, infrastructure, intelligence, leak, malicious, mitigation, monitoring, network, pypi, risk, service, software, strategy, supply-chain, threat, tool, vulnerability, windows

2025 Threat Landscape in Review: Lessons for Businesses Moving Into 2026 andrew.gertz@t“¦ Thu, 01/15/2026 – 16:48 Nadav Avital – Senior Director of Threat Research at Thales More About This Author > 2025 was a year that tested how businesses think about security. Some attacks happened in new, unexpected ways, while others employed old tricks, taken…
Legacy Python Bootstrap Scripts Create Domain-Takeover Risk in Multiple PyPI Packages

Nov 28, 2025 6:49 PM

Tags: automation, cybersecurity, pypi, risk, supply-chain, tool, vulnerability

Cybersecurity researchers have discovered vulnerable code in legacy Python packages that could potentially pave the way for a supply chain compromise on the Python Package Index (PyPI) via a domain takeover attack.Software supply chain security company ReversingLabs said it found the “vulnerability” in bootstrap files provided by a build and deployment automation tool named “zc.buildout.””The…
Malicious PyPI Package Used by Hackers to Steal Users’ Crypto Information

Nov 24, 2025 12:49 PM

Tags: access, attack, backdoor, control, crypto, cyber, cybersecurity, hacker, infrastructure, malicious, pypi, supply-chain

Cybersecurity researchers have uncovered a sophisticated supply-chain attack targeting Python developers through a malicious package distributed via the Python Package Index (PyPI). The malicious package, named >>spellcheckers,
Malicious PyPI Package Used by Hackers to Steal Users’ Crypto Information

Nov 24, 2025 12:49 PM

Tags: access, attack, backdoor, control, crypto, cyber, cybersecurity, hacker, infrastructure, malicious, pypi, supply-chain

Cybersecurity researchers have uncovered a sophisticated supply-chain attack targeting Python developers through a malicious package distributed via the Python Package Index (PyPI). The malicious package, named >>spellcheckers,
Malicious PyPI Package Used by Hackers to Steal Users’ Crypto Information

Nov 24, 2025 12:49 PM

Tags: access, attack, backdoor, control, crypto, cyber, cybersecurity, hacker, infrastructure, malicious, pypi, supply-chain

Cybersecurity researchers have uncovered a sophisticated supply-chain attack targeting Python developers through a malicious package distributed via the Python Package Index (PyPI). The malicious package, named >>spellcheckers,
Spam flooding npm registry with token stealers still isn’t under control

Nov 17, 2025 7:49 AM

Tags: access, antivirus, attack, authentication, blockchain, breach, control, credentials, crypto, detection, edr, exploit, finance, firewall, governance, identity, login, malicious, malware, mfa, monitoring, network, open-source, pypi, risk, software, spam, supply-chain, threat, tool, worm

CSO that number has now grown to 153,000.And while this payload merely steals tokens, other threat actors are paying attention, said Sonatype CTO Brian Fox.When Sonatype wrote about the campaign just over a year ago, it found a mere 15,000 packages that appeared to come from a single person.With the swollen numbers reported this week,…
Worm flooding npm registry with token stealers still isn’t under control

Nov 15, 2025 5:49 AM

Tags: access, antivirus, attack, authentication, blockchain, breach, control, credentials, crypto, detection, edr, exploit, finance, firewall, governance, identity, login, malicious, malware, mfa, monitoring, network, open-source, pypi, risk, software, supply-chain, threat, tool, worm

CSO that number has now grown to 153,000.”It’s unfortunate that the worm isn’t under control yet,” said Sonatype CTO Brian Fox.And while this payload merely steals tokens, other threat actors are paying attention, he predicted.”I’m sure somebody out there in the world is looking at this massively replicating worm and wondering if they can ride…
Rogue MCP servers can take over Cursor’s built-in browser

Nov 13, 2025 3:49 PM

Tags: access, ai, api, attack, computer, control, data, defense, github, pypi, vulnerability

Defenses: Organizations must review and control, both through policy and access controls, the IDE extensions and MCP servers their developers use. They should do this just like they should be vetting application dependencies from package registries such as npm or PyPI to prevent the compromise of developer machines or inheriting vulnerabilities in their code.Attackers are…
Modern supply-chain attacks and their real-world impact

Nov 4, 2025 9:19 AM

Tags: access, ai, apache, attack, authentication, backdoor, breach, china, control, credentials, crowdstrike, crypto, cybersecurity, data, defense, email, espionage, exploit, github, group, infection, infosec, injection, intelligence, korea, lazarus, LLM, malicious, malware, marketplace, mfa, microsoft, network, north-korea, open-source, password, phishing, pypi, qr, risk, social-engineering, software, supply-chain, tactics, theft, threat, tool, worm, zero-day

This is what modern software supply-chain attacks look like. Since the industry-shaking SolarWinds compromise of 2020, the threat landscape has changed dramatically. Early high-profile incidents targeted build servers or tampered software updates. Today’s attackers prefer a softer entry point: the humans maintaining open-source projects.In the last two years, the majority of large-scale supply-chain intrusions have…
Modern supply-chain attacks and their real-world impact

Nov 4, 2025 9:19 AM

Tags: access, ai, apache, attack, authentication, backdoor, breach, china, control, credentials, crowdstrike, crypto, cybersecurity, data, defense, email, espionage, exploit, github, group, infection, infosec, injection, intelligence, korea, lazarus, LLM, malicious, malware, marketplace, mfa, microsoft, network, north-korea, open-source, password, phishing, pypi, qr, risk, social-engineering, software, supply-chain, tactics, theft, threat, tool, worm, zero-day

This is what modern software supply-chain attacks look like. Since the industry-shaking SolarWinds compromise of 2020, the threat landscape has changed dramatically. Early high-profile incidents targeted build servers or tampered software updates. Today’s attackers prefer a softer entry point: the humans maintaining open-source projects.In the last two years, the majority of large-scale supply-chain intrusions have…
Modern supply-chain attacks and their real-world impact

Nov 4, 2025 9:19 AM

Tags: access, ai, apache, attack, authentication, backdoor, breach, china, control, credentials, crowdstrike, crypto, cybersecurity, data, defense, email, espionage, exploit, github, group, infection, infosec, injection, intelligence, korea, lazarus, LLM, malicious, malware, marketplace, mfa, microsoft, network, north-korea, open-source, password, phishing, pypi, qr, risk, social-engineering, software, supply-chain, tactics, theft, threat, tool, worm, zero-day

This is what modern software supply-chain attacks look like. Since the industry-shaking SolarWinds compromise of 2020, the threat landscape has changed dramatically. Early high-profile incidents targeted build servers or tampered software updates. Today’s attackers prefer a softer entry point: the humans maintaining open-source projects.In the last two years, the majority of large-scale supply-chain intrusions have…
Open-source security group pulls out of U.S. grant, citing DEI restrictions

Oct 29, 2025 7:26 PM

Tags: cybersecurity, group, open-source, pypi, software

The Trump administration’s zeal to stamp out diversity, equity and inclusion programs is affecting national cybersecurity research, as a key open-source security foundation announced it would reject federal grant funding. The Python Software Foundation (PSF), which promotes safe and secure Python coding practices and helps oversee PyPI, the world’s largest open-source code repository for Python,…
Open-source security group pulls out of U.S. grant, citing DEI restrictions

Oct 29, 2025 7:26 PM

Tags: cybersecurity, group, open-source, pypi, software

The Trump administration’s zeal to stamp out diversity, equity and inclusion programs is affecting national cybersecurity research, as a key open-source security foundation announced it would reject federal grant funding. The Python Software Foundation (PSF), which promotes safe and secure Python coding practices and helps oversee PyPI, the world’s largest open-source code repository for Python,…
Serious vulnerability found in Rust library

Oct 23, 2025 5:26 AM

Tags: advisory, attack, backup, container, control, data, email, exploit, flaw, incident response, infection, infosec, linux, malicious, open-source, pypi, radius, remote-code-execution, rust, software, supply-chain, unauthorized, update, vulnerability

async-tar Rust library. And not only is it in this library, but also in its many forks, including the widely used tokio-tar.”In the worst-case scenario, this vulnerability has a severity of 8.1 (High) and can lead to Remote Code Execution (RCE) through file overwriting attacks, such as replacing configuration files or hijacking build backends,” the researchers say…
npm, PyPI, and RubyGems Packages Found Sending Developer Data to Discord Channels

Oct 14, 2025 10:23 AM

Tags: authentication, breach, control, cybersecurity, data, malicious, pypi

Cybersecurity researchers have identified several malicious packages across npm, Python, and Ruby ecosystems that leverage Discord as a command-and-control (C2) channel to transmit stolen data to actor-controlled webhooks.Webhooks on Discord are a way to post messages to channels in the platform without requiring a bot user or authentication, making them an attractive mechanism for attackers…
npm, PyPI, and RubyGems Packages Found Sending Developer Data to Discord Channels

Oct 14, 2025 10:23 AM

Tags: authentication, breach, control, cybersecurity, data, malicious, pypi

Cybersecurity researchers have identified several malicious packages across npm, Python, and Ruby ecosystems that leverage Discord as a command-and-control (C2) channel to transmit stolen data to actor-controlled webhooks.Webhooks on Discord are a way to post messages to channels in the platform without requiring a bot user or authentication, making them an attractive mechanism for attackers…
Threat Actors Exploit Discord Webhooks for C2 via npm, PyPI, and Ruby Packages

Oct 12, 2025 6:24 PM

Tags: control, cyber, data, exploit, open-source, pypi, threat

Threat actors are increasingly abusing Discord webhooks as covert command-and-control (C2) channels inside open-source packages, enabling stealthy exfiltration of secrets, host telemetry, and developer environment data without standing up bespoke infrastructure. Socket’s Threat Research Team has documented active abuse across npm, PyPI, and RubyGems, where hard-coded Discord webhook URLs act as write-only sinks to siphon…
Alert: Malicious PyPI Package soopsocks Infects 2,653 Systems Before Takedown

Oct 2, 2025 4:41 PM

Tags: backdoor, cybersecurity, malicious, pypi, service, windows

Cybersecurity researchers have flagged a malicious package on the Python Package Index (PyPI) repository that claims to offer the ability to create a SOCKS5 proxy service, while also providing a stealthy backdoor-like functionality to drop additional payloads on Windows systems.The deceptive package, named soopsocks, attracted a total of 2,653 downloads before it was taken down.…
Alert: Malicious PyPI Package soopsocks Infects 2,653 Systems Before Takedown

Oct 2, 2025 4:41 PM

Tags: backdoor, cybersecurity, malicious, pypi, service, windows

Cybersecurity researchers have flagged a malicious package on the Python Package Index (PyPI) repository that claims to offer the ability to create a SOCKS5 proxy service, while also providing a stealthy backdoor-like functionality to drop additional payloads on Windows systems.The deceptive package, named soopsocks, attracted a total of 2,653 downloads before it was taken down.…
Phishing Campaign Targets PyPI Maintainers with Fake Login Site

Sep 26, 2025 5:08 PM

Tags: credentials, login, open-source, phishing, pypi

Fake PyPI login site phishing campaign threatens developer credentials and the open-source supply chain. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/phishing-campaign-targets-pypi-maintainers-with-fake-login-site/
New Phishing Scam Aims at PyPI Maintainers to Steal Login Information

Sep 25, 2025 5:16 PM

Tags: cyber, email, login, malicious, phishing, pypi, scam

A fresh wave of domain-confusion phishing emails is sweeping through the Python community, once again setting its sights on PyPI maintainers. As malicious actors continually swap out domain names, PyPI users must remain vigilant and adopt stronger safeguards to protect their accounts. In this latest iteration, maintainers receive an unsolicited email urging them to “verify…
New Phishing Scam Aims at PyPI Maintainers to Steal Login Information

Sep 25, 2025 5:16 PM

Tags: cyber, email, login, malicious, phishing, pypi, scam

A fresh wave of domain-confusion phishing emails is sweeping through the Python community, once again setting its sights on PyPI maintainers. As malicious actors continually swap out domain names, PyPI users must remain vigilant and adopt stronger safeguards to protect their accounts. In this latest iteration, maintainers receive an unsolicited email urging them to “verify…
PyPI invalidates tokens stolen in GhostAction supply chain attack

Sep 18, 2025 4:15 PM

Tags: attack, breach, pypi, software, supply-chain, threat

The Python Software Foundation team has invalidated all PyPI tokens stolen in the GhostAction supply chain attack in early September, confirming that the threat actors didn’t abuse them to publish malware. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/pypi-invalidates-tokens-stolen-in-ghostaction-supply-chain-attack/
SilentSync RAT Delivered via Two Malicious PyPI Packages Targeting Python Developers

Sep 18, 2025 3:15 PM

Tags: access, cybersecurity, malicious, pypi, rat, windows

Cybersecurity researchers have discovered two new malicious packages in the Python Package Index (PyPI) repository that are designed to deliver a remote access trojan called SilentSync on Windows systems.”SilentSync is capable of remote command execution, file exfiltration, and screen capturing,” Zscaler ThreatLabz’s Manisha Ramcharan Prajapati and Satyam Singh said. “SilentSync also extracts First seen on…