PyPI Archives • Daily CyberSecurity

Massive PyPI Supply Chain Attack Staged via Malware Startup Hooks PyPI supply chain attack Socket malware detection PyPI Typosquat, Python RAT

PyPI supply chain attack Socket malware detection PyPI Typosquat, Python RAT

Massive PyPI Supply Chain Attack Staged via Malware Startup Hooks

Do Son June 7, 2026

Overview of the Global Fraud Threat Cybersecurity researchers have just detected a dangerous software campaign targeting Python...

OceanLotus Hijacks PyPI to Deploy “ZiChatBot” via Enterprise Chat APIs Acreed Infostealer, BNB Smart Chain CVE-2023-20269 exploit

OceanLotus Hijacks PyPI to Deploy “ZiChatBot” via Enterprise Chat APIs

Do Son May 7, 2026

In a calculated move that signals the expansion of state-sponsored threats into open-source repositories, researchers at Kaspersky...

New Quasar Linux (QLNX) RAT Hijacks Cloud Keys and NPM Tokens Quasar Linux RAT Supply Chain Hijacking

New Quasar Linux (QLNX) RAT Hijacks Cloud Keys and NPM Tokens

Do Son May 6, 2026

A previously undocumented Linux remote access trojan (RAT) has been exposed for its surgical precision in targeting...

Supply Chain Alert: TeamPCP Strikes Popular AI Framework Xinference Xinference Supply Chain Attack TeamPCP

Supply Chain Alert: TeamPCP Strikes Popular AI Framework Xinference

Do Son April 23, 2026

The Python ecosystem is reeling from a sophisticated supply chain attack targeting Xinference (Xorbits Inference), a widely...

The 1,700-Package Blitz: North Korea’s “Contagious Interview” Infiltrates Every Major Dev Registry Contagious Interview Malicious Packages

The 1,700-Package Blitz: North Korea’s “Contagious Interview” Infiltrates Every Major Dev Registry

Do Son April 8, 2026

Researchers at Socket have identified a massive new cluster of malicious packages linked to North Korea’s notorious...

95 Million Downloads Hijacked: The LiteLLM PyPI Backdoor Targeting AI Developers LiteLLM PyPI Supply Chain Attack

95 Million Downloads Hijacked: The LiteLLM PyPI Backdoor Targeting AI Developers

Do Son March 25, 2026

A relentless cyber-espionage campaign has expanded its reach into the heart of the AI development ecosystem. Security...

“SymPy” Imposter: Typosquatting Attack Turns Math Library into Crypto Miner sympy-dev Malware PyPI Supply Chain Attack

“SymPy” Imposter: Typosquatting Attack Turns Math Library into Crypto Miner

Do Son January 23, 2026

A deceptive new supply chain attack has been uncovered in the Python ecosystem, where a malicious package...

PyPI Typosquat Delivers Multi-Layer Python RAT, Bypassing Scanners with XOR Encryption PyPI supply chain attack Socket malware detection PyPI Typosquat, Python RAT

PyPI Typosquat Delivers Multi-Layer Python RAT, Bypassing Scanners with XOR Encryption

Do Son November 24, 2025

HelixGuard researchers have uncovered a malicious Python package uploaded to PyPI that impersonates the widely used “pyspellchecker”...

Stealth C2: Hackers Abuse Discord Webhooks for Covert Data Exfiltration in npm, PyPI, and RubyGems Supply Chain Attacks SolyxImmortal Malware Python Info-Stealer Discord Webhook C2, Supply Chain Abuse

SolyxImmortal Malware Python Info-Stealer Discord Webhook C2, Supply Chain Abuse

Stealth C2: Hackers Abuse Discord Webhooks for Covert Data Exfiltration in npm, PyPI, and RubyGems Supply Chain Attacks

Do Son October 14, 2025

The Socket Threat Research Team has uncovered a growing trend among malicious package developers: leveraging Discord webhooks...

Backdoor Disguised as SOCKS5 Proxy: Malicious PyPI Package SoopSocks Grants Root Access WHILL Wheelchair Hijacking, CVE-2025-14346 MAS typosquatting malware, get.activate.win vs get.activated.win OpenShift GitOps RCE, Cluster Takeover Flaw Twonky Server, CVE-2025-13315 AI agents CVE-2024-52875 PoC

WHILL Wheelchair Hijacking, CVE-2025-14346 MAS typosquatting malware, get.activate.win vs get.activated.win OpenShift GitOps RCE, Cluster Takeover Flaw Twonky Server, CVE-2025-13315 AI agents CVE-2024-52875 PoC

Backdoor Disguised as SOCKS5 Proxy: Malicious PyPI Package SoopSocks Grants Root Access

Do Son October 1, 2025

The security of the open-source software supply chain was once again tested when JFrog’s security research team...

New Phishing Campaign Targets PyPI Maintainers with Fake Domain Layoff Phishing Scam Remcos RAT Malware Aruba Phishing, Phishing-as-a-Service PyPI, phishing CVE-2024-25608 PyPI Phishing, Credential Theft

Layoff Phishing Scam Remcos RAT Malware Aruba Phishing, Phishing-as-a-Service PyPI, phishing CVE-2024-25608 PyPI Phishing, Credential Theft

New Phishing Campaign Targets PyPI Maintainers with Fake Domain

Do Son September 25, 2025

The Python Package Index (PyPI) is once again the target of a phishing campaign aimed at maintainers,...

A Trojan in Disguise: New Python Package on PyPI Hides a Multi-Stage Malware Operation Supply chain attack

A Trojan in Disguise: New Python Package on PyPI Hides a Multi-Stage Malware Operation

Do Son August 21, 2025

Zscaler’s ThreatLabz team has issued a warning after uncovering a malicious Python package on the Python Package...

PyPI Fights Back: New Security Feature Prevents Account Takeovers via Expired Domains Supply chain security

PyPI Fights Back: New Security Feature Prevents Account Takeovers via Expired Domains

Do Son August 19, 2025

The Python Package Index (PyPI) is taking a significant step toward securing the open-source software supply chain...

PyPI Rejects Malicious ZIP Archives to Block “Parser Confusion” Attacks PyPI Security, ZIP Confusion

PyPI Rejects Malicious ZIP Archives to Block “Parser Confusion” Attacks

Do Son August 9, 2025

The Python Package Index (PyPI) has announced a set of new upload restrictions aimed at protecting Python...

GitLab Exposes a Clever Crypto Scam: Malicious PyPI Packages Hijack Bittensor Staking Bittensor Typosquatting, Crypto Scam

GitLab Exposes a Clever Crypto Scam: Malicious PyPI Packages Hijack Bittensor Staking

Do Son August 8, 2025

GitLab’s Vulnerability Research team has exposed a sophisticated cryptocurrency theft campaign targeting the Bittensor decentralized AI network...

PyPitfall: Python’s Hidden Vulnerabilities Propagate Through 145K+ Packages Python Supply Chain, PyPI Vulnerabilities

PyPitfall: Python’s Hidden Vulnerabilities Propagate Through 145K+ Packages

Do Son August 4, 2025

A study from the New Jersey Institute of Technology has exposed a massive web of hidden vulnerabilities...

Lazarus Group’s Covert Supply Chain Attack: North Korean APT Poisons Open Source to Steal Developer Secrets Lazarus Group, Software Supply Chain

Lazarus Group’s Covert Supply Chain Attack: North Korean APT Poisons Open Source to Steal Developer Secrets

Do Son July 31, 2025

In a recently expose, Sonatype reveals a covert cyberespionage campaign orchestrated by the North Korea-linked Lazarus Group,...

PyPI Warns of Sophisticated Phishing Campaign Targeting Python Developers Layoff Phishing Scam Remcos RAT Malware Aruba Phishing, Phishing-as-a-Service PyPI, phishing CVE-2024-25608 PyPI Phishing, Credential Theft

PyPI Warns of Sophisticated Phishing Campaign Targeting Python Developers

Do Son July 29, 2025

The Python Package Index (PyPI), the central repository for Python developers around the world, has issued a...

4 Open-Source Packages Infect 56,000+ Downloads with Stealthy Spyware Open Source Spyware, Supply Chain Surveillance

4 Open-Source Packages Infect 56,000+ Downloads with Stealthy Spyware

Do Son July 25, 2025

The Socket Threat Research Team has uncovered a coordinated surveillance malware campaign hidden in four open-source packages—three...

PyPI Supply Chain Attack: “cloudscrapersafe” Steals Credit Cards via Fake Python Library PyPI Supply Chain, Credit Card Theft

PyPI Supply Chain Attack: “cloudscrapersafe” Steals Credit Cards via Fake Python Library

Do Son July 20, 2025

Imperva researchers have uncovered a supply chain attack masquerading as a popular Python utility. The package in...

Critical Alert 1 Active Exploit Detected Today