Tag: pypi

Attack reports, vulnerabilities, indicators and intrusion sets linked to pypi.

Attack reports (27)

• Mini Shai-Hulud, Miasma, and Hades Worms Target Bioinformatics and MCP Developers via … · Published 08/06/2026 21:36 · Modified 09/06/2026 08:57
• Miasma Worm Campaign Spreads with New PyPI Wave · Published 07/06/2026 11:21 · Modified 08/06/2026 09:23
• Mini Shai-Hulud Hits TanStack npm Packages · Published 21/05/2026 17:38 · Modified 21/05/2026 16:11
• OceanLotus suspected of distributing ZiChatBot malware via wheel packages in PyPI · Published 06/05/2026 17:01 · Modified 07/05/2026 08:42
• Gleaming Pisces Poisoned Python Packages Campaign Delivers PondRAT Linux and macOS Backdoors · Published 04/05/2026 06:08 · Modified 04/05/2026 14:59
• PyPI Package Compromised in Supply Chain Attack · Published 30/04/2026 21:11 · Modified 04/05/2026 14:01
• npm Packages Hit with TeamPCP-Style CanisterWorm Malware · Published 22/04/2026 18:22 · Modified 27/04/2026 14:36
• TeamPCP’s Telnyx Attack Marks a Shift in Tactics Beyond LiteLLM · Published 30/03/2026 18:06 · Modified 30/03/2026 21:46
• Telnyx Python SDK Compromised to Deliver Credential-Stealing Malware · Published 28/03/2026 07:39 · Modified 30/03/2026 10:12
• AI Infrastructure Supply Chain Poisoning Alert · Published 27/03/2026 19:59 · Modified 27/03/2026 19:31
• Supply Chain Attack: Malicious PyPI Packages · Published 25/03/2026 10:38 · Modified 27/03/2026 00:08
• Malicious PyPI Package - LiteLLM Supply Chain Compromise · Published 25/03/2026 10:38 · Modified 27/03/2026 00:08
• Bootstrap script exposes PyPI to domain takeover attacks · Published 03/12/2025 20:19 · Modified 21/12/2025 18:24
• Build script exposes PyPI to domain takeover attacks · Published 24/11/2025 21:10 · Modified 25/11/2025 09:14
• Malicious PyPI Packages Deliver SilentSync RAT · Published 19/09/2025 16:05 · Modified 19/09/2025 18:43
• Supply Chain Risk in Python: Termcolor and Colorama Explained · Published 16/08/2025 01:53 · Modified 18/08/2025 16:42
• PyPI Supply Chain Attack Uncovered: Colorama and Colorizr Name Confusion · Published 02/06/2025 22:02 · Modified 02/06/2025 22:11
• Malicious attack method on hosted ML models now targets PyPI · Published 26/05/2025 09:17 · Modified 26/05/2025 09:49
• Backdoor implant discovered on PyPI posing as debugging utility · Published 15/05/2025 20:12 · Modified 21/05/2025 20:35
• PyPI package targets Solana developers · Published 13/05/2025 21:01 · Modified 21/05/2025 19:34
• Malicious PyPi Package Detected Stealing Crypto Tokens · Published 16/04/2025 14:51 · Modified 16/04/2025 18:21
• Compromised ultralytics PyPI package delivers crypto coinminer · Published 07/12/2024 12:25 · Modified 09/12/2024 11:31
• Malicious PyPI crypto pay package aiocpa implants infostealer code · Published 29/11/2024 10:48 · Modified 29/11/2024 11:03
• Python Crypto Library Updated to Steal Private Keys · Published 26/11/2024 20:53 · Modified 26/11/2024 21:35
• An NPM and PyPI Malicious Campaign Targeting Windows Users · Published 26/11/2024 21:06 · Modified 26/11/2024 21:34