PyPI Archives • Page 2 of 3 • Daily CyberSecurity

PyPI Bans Inbox.ru After Massive Spam Campaign and 1,500+ Fake Project Uploads PyPI Spam, Package Impersonation

PyPI Bans Inbox.ru After Massive Spam Campaign and 1,500+ Fake Project Uploads

Do Son July 17, 2025

The Python Package Index (PyPI) has banned new account registrations and email additions from the inbox.ru domain,...

Alert: Malicious Python Package “psslib” Typosquats passlib, Shuts Down Windows Systems Python Malware, Typosquatting

Alert: Malicious Python Package “psslib” Typosquats passlib, Shuts Down Windows Systems

Do Son June 26, 2025

Socket’s Threat Research Team has uncovered a malicious Python package named psslib designed to abruptly shut down...

PyPI Supply Chain Attack Steals Solana Private Keys via Covert Monkey-Patching PyPI Supply Chain, Solana Theft

PyPI Supply Chain Attack Steals Solana Private Keys via Covert Monkey-Patching

Do Son June 2, 2025

Socket’s Threat Research Team has uncovered a sophisticated supply chain attack on the Python Package Index (PyPI)...

setuptools Flaw Exposes Millions of Python Users to RCE setuptools vulnerability, Python RCE

setuptools Flaw Exposes Millions of Python Users to RCE

Do Son May 21, 2025

The Python Packaging Authority (PyPA) has patched a serious path traversal vulnerability in the widely-used setuptools project....

PyPI Malware Alert: Malicious ‘solana-token’ Package Targets Solana Developers PyPI malware, Solana developers

PyPI Malware Alert: Malicious ‘solana-token’ Package Targets Solana Developers

Do Son May 15, 2025

The ReversingLabs research team has uncovered yet another software supply chain attack targeting the cryptocurrency ecosystem, this...

Malicious Python Packages Exploited Gmail as Covert Command-and-Control Channels Python malware, Gmail C2

Malicious Python Packages Exploited Gmail as Covert Command-and-Control Channels

Do Son May 2, 2025

In a detailed technical report, Socket’s Threat Research Team uncovered seven malicious Python packages published to the...

Malicious Packages Stealing Crypto Credentials: A Warning for Developers npm package, crypto drainer Malicious Packages Cryptocurrency Theft

npm package, crypto drainer Malicious Packages Cryptocurrency Theft

Malicious Packages Stealing Crypto Credentials: A Warning for Developers

Do Son April 23, 2025

The Socket Threat Research Team has exposed three malicious open-source packages masquerading as developer tools — designed...

PyPI Swiftly Patches Privilege Escalation Flaw in Organizations Feature Project Quarantine PyPI Security Privilege Escalation

PyPI Swiftly Patches Privilege Escalation Flaw in Organizations Feature

Do Son April 15, 2025

On April 14, 2025, the Python Package Index (PyPI) team swiftly addressed a security concern involving persisting...

Malicious Packages Weaponize OAST for Stealthy Data Exfiltration and Reconnaissance GuLoader Malware CloudEye Obfuscation npm, malware Ethereum, npm supply chain OAST techniques StilachiRAT macOS Malware PasivRobber

GuLoader Malware CloudEye Obfuscation npm, malware Ethereum, npm supply chain OAST techniques StilachiRAT macOS Malware PasivRobber

Malicious Packages Weaponize OAST for Stealthy Data Exfiltration and Reconnaissance

Do Son January 5, 2025

Researchers at Socket have uncovered a series of malicious campaigns exploiting Out-of-Band Application Security Testing (OAST) techniques....

Project Quarantine: PyPI’s New Line of Defense Against Malware Project Quarantine PyPI Security Privilege Escalation

Project Quarantine: PyPI’s New Line of Defense Against Malware

Do Son January 2, 2025

In a significant stride toward enhancing security in the Python ecosystem, the Python Package Index (PyPI) has...

PyPI Poisoned: “Zebo” and “Cometlogger” Downloaded Hundreds of Times GuLoader Malware CloudEye Obfuscation npm, malware Ethereum, npm supply chain OAST techniques StilachiRAT macOS Malware PasivRobber

PyPI Poisoned: “Zebo” and “Cometlogger” Downloaded Hundreds of Times

Do Son December 25, 2024

Cybersecurity researchers at Fortinet have uncovered two malicious packages slithering within the Python Package Index (PyPI), ready...

Malicious PyPI Package Targets Cryptocurrency Wallets: aiocpa Campaign Exposed ML Threat Hunting policy violation

Malicious PyPI Package Targets Cryptocurrency Wallets: aiocpa Campaign Exposed

Do Son November 29, 2024

Cybersecurity researchers at ReversingLabs have uncovered a stealthy supply chain attack targeting cryptocurrency wallets via the PyPI...

Everon OCPP Vulnerability CVE-2026-26288 ASUSTOR ADM Vulnerability CVE-2026-24936 PrismX MX100 Vulnerability Hard-Coded Credentials Advantech Vulnerability CVE-2025-52694 Eaton UPS Companion, CVE-2025-59887 ASUS Router, Authentication Bypass ASUSTOR DLL Hijacking, Privilege Escalation OpenShift AI, Privilege Escalation GoAnywhere vulnerability CVE-2025-10035 LangChainGo, template injection DeepDiff, class pollution ToolShell Sunshine, CSRF Vulnerability KACE SMA, Critical Vulnerabilities Oracle Zero-Days - PDQ Deploy vulnerability

Malicious Update in Python Crypto Library Targets Private Keys via Telegram

Do Son November 23, 2024

The Phylum Research Team has uncovered a malicious update to the PyPI package aiocpa, a crypto library...

PyPI Under Attack: Malicious Crypto-Stealing Packages Discovered

Do Son October 3, 2024

Checkmarx Zero, the research arm of Checkmarx, has uncovered a new wave of malicious Python packages infiltrating...

Roblox Cheaters Targeted: Skuld Stealer and Blank Grabber Malware Lurks in PyPI Packages Skuld Stealer & Blank Grabber

Roblox Cheaters Targeted: Skuld Stealer and Blank Grabber Malware Lurks in PyPI Packages

Do Son October 1, 2024

In a recent report by Imperva Threat Research, malicious actors have been found exploiting the Python Package...

Revival Hijack: A New PyPI Hijacking Technique Threatens Thousands of Packages

Do Son September 4, 2024

The JFrog security research team has uncovered a novel PyPI package hijacking method known as “Revival Hijack,”...

Malicious PyPI Packages Expose User Credentials

Do Son August 1, 2024

The FortiGuard Labs team has uncovered a series of malicious packages lurking within the Python Package Index...

xFileSyncerx: Malicious Package with Wiper Components Discovered on PyPI Malicious xFileSyncerx Package

xFileSyncerx: Malicious Package with Wiper Components Discovered on PyPI

Do Son June 6, 2024

In a recent investigation, ReversingLabs researchers uncovered a malicious open-source package on the Python Package Index (PyPI)...

Hackers Target PyPI with Malicious Go Binary Hidden in Image

Do Son May 13, 2024

The Phylum Research Team has uncovered a sophisticated attack targeting the Python Package Index (PyPI), a popular...

PyPI Takes Emergency Measures to Combat Malicious Package Flood PyPi Under Attack

PyPI Takes Emergency Measures to Combat Malicious Package Flood

Do Son March 28, 2024

The Python Package Index (PyPi), a vital repository for open-source software, has taken the drastic step of...

Critical Alert 3 Active Exploits Detected Today

Critical Alert

PyPI

PyPI Bans Inbox.ru After Massive Spam Campaign and 1,500+ Fake Project Uploads

Alert: Malicious Python Package “psslib” Typosquats passlib, Shuts Down Windows Systems

PyPI Supply Chain Attack Steals Solana Private Keys via Covert Monkey-Patching

setuptools Flaw Exposes Millions of Python Users to RCE

PyPI Malware Alert: Malicious ‘solana-token’ Package Targets Solana Developers

Malicious Python Packages Exploited Gmail as Covert Command-and-Control Channels

Malicious Packages Stealing Crypto Credentials: A Warning for Developers

PyPI Swiftly Patches Privilege Escalation Flaw in Organizations Feature

Malicious Packages Weaponize OAST for Stealthy Data Exfiltration and Reconnaissance

Project Quarantine: PyPI’s New Line of Defense Against Malware

PyPI Poisoned: “Zebo” and “Cometlogger” Downloaded Hundreds of Times

Malicious PyPI Package Targets Cryptocurrency Wallets: aiocpa Campaign Exposed

Malicious Update in Python Crypto Library Targets Private Keys via Telegram

PyPI Under Attack: Malicious Crypto-Stealing Packages Discovered

Roblox Cheaters Targeted: Skuld Stealer and Blank Grabber Malware Lurks in PyPI Packages

Revival Hijack: A New PyPI Hijacking Technique Threatens Thousands of Packages

Malicious PyPI Packages Expose User Credentials

xFileSyncerx: Malicious Package with Wiper Components Discovered on PyPI

Hackers Target PyPI with Malicious Go Binary Hidden in Image

PyPI Takes Emergency Measures to Combat Malicious Package Flood