MAL-2026-10688: Malicious code in log-guru (PyPI)
The PyPI package 'log-guru' version 0.7.8 is identified as a typosquatted malicious package that installs a Mythic/Poseidon C2 framework beacon. After installation, the beacon establishes…
Read the full articleYou might also wanna read
PyPI Supply Chain Attacks Expand: New Malicious Packages Target Bioinformatics and MCP Developers
Newer packages in this compromise use native extensions and .pth loaders to execute JavaScript stealers in developer environments.
PyPI Package 'Lightning' Compromised in Supply Chain Attack Affecting AI/ML Developers
The PyPI package lightning was compromised in versions 2.6.2 and 2.6.3 with Mini Shai-Hulud themed malicious code to execute credential-stea

PyPI, Neteller, Skrill and Paysafe: Fake Paysafe, Skrill SDKs on NPM and PyPi steal credentials
Malicious npm and PyPI Packages Target Payment Platforms with Stealer Malware A recent cyberattack campaign leveraged malicious packages on
PyPI Implements Security Measures Against Domain Resurrection Attacks
PyPI now checks for expired domains to prevent domain resurrection attacks, a type of supply-chain attack where someone buys an expired doma
Multiple Malicious Python Packages Targeting Bittensor Crypto Developers
Multiple malicious Python packages targeting crypto developers and their applications using typosquatting were discovered on PyPI. The packa

lightning PyPI Compromise: A Bun-Based Credential Stealer in Python
A malicious release of the lightning PyPI package ships a credential-stealing Bun payload that runs on import. Snyk has a live advisory. Her

Comments
Sign in to join the conversation.
No comments yet. Be the first.