8 articles tagged with "Pypi"
Supply chain attack deploys 34 malicious packages across npm, PyPI, and Crates.io to steal crypto wallets, SSH keys, and developer credentials. AI assistants weaponized.
Three malicious versions of the xinference AI inference library were uploaded to PyPI, targeting cloud credentials and SSH keys from 680K+ users. TeamPCP claims a copycat is responsible.
Attackers compromised elementary-data version 0.23.3 on PyPI, pushing malicious code to 1.1 million monthly users. The infection extended to Docker images via automated workflows.
TeamPCP threat actors backdoored versions 2.6.2 and 2.6.3 of the popular AI framework, harvesting SSH keys, cloud credentials, and GitHub tokens from millions of developers.
Contagious Interview campaign escalates with trojanized developer tools across five ecosystems. Packages impersonate logging utilities and steal credentials.
TeamPCP compromised the popular telnyx Python SDK on PyPI, hiding credential-stealing malware inside WAV audio files. Versions 4.87.1 and 4.87.2 affected—downgrade immediately.
Malicious LiteLLM versions 1.82.7 and 1.82.8 deployed credential harvester, Kubernetes lateral movement tools, and persistent backdoor. Package sees 3 million daily downloads.
North Korea's Lazarus Group targets blockchain developers with fake recruitment campaign distributing RAT malware through 36 poisoned npm and PyPI packages.