Category: Python

  • Popular PyPI Package With 1 Million Monthly Downloads Hacked to Inject Malicious Scripts

    A major software supply chain attack has compromised the popular Python package elementary-data, exposing thousands of developers to massive credential theft. Threat actors successfully pushed a malicious version, 0.23.3, to the Python Package Index (PyPI) and poisoned the matching Docker images on the GitHub…

  • LiteLLM Python Package With 95 Million Downloads Compromised by TeamPCP Hackers

    A widely used open-source Python library was compromised on the Python Package Index (PyPI). Versions 1.82.7 and 1.82.8 of the package, which route requests across various LLM providers and have over 95 million monthly downloads, were found to contain a sophisticated backdoor by security…

  • Critical Vulnerability in Python PLY Library Enables Remote Code Execution – PoC Published

    A critical vulnerability has been identified in the PyPI-distributed version of PLY (Python Lex-Yacc) 3.11, allowing arbitrary code execution through unsafe deserialization of untrusted pickle files. The vulnerability, assigned CVE-2025-56005, affects the undocumented picklefile parameter in the yacc() function, which remains absent from official documentation despite…

  • New Campaign Attacking PyPI Users to Steal Sensitive Data Including Cloud Tokens

    Security researchers have uncovered a sophisticated malware campaign targeting users of the Python Package Index (PyPI), Python's official third-party software repository. This latest attack vector involves several malicious packages disguised as time-related utilities, which are actually designed to steal sensitive information including cloud…