4 articles tagged with "Pypi"
Contagious Interview campaign escalates with trojanized developer tools across five ecosystems. Packages impersonate logging utilities and steal credentials.
TeamPCP compromised the popular telnyx Python SDK on PyPI, hiding credential-stealing malware inside WAV audio files. Versions 4.87.1 and 4.87.2 affected—downgrade immediately.
Malicious LiteLLM versions 1.82.7 and 1.82.8 deployed credential harvester, Kubernetes lateral movement tools, and persistent backdoor. Package sees 3 million daily downloads.
North Korea's Lazarus Group targets blockchain developers with fake recruitment campaign distributing RAT malware through 36 poisoned npm and PyPI packages.