PyPI

2 minute read

Backdoors in Python and NPM Packages Target Windows and Linux

Checkmarx uncovers cross-ecosystem attack: fake Python and NPM packages plant backdoor on Windows and Linux, enabling data theft plus remote control.

byDeeba Ahmed

June 2, 2025

2 minute read

Malware Hidden in AI Models on PyPI Targets Alibaba AI Labs Users

ReversingLabs discovers new malware hidden inside AI/ML models on PyPI, targeting Alibaba AI Labs users. Learn how attackers…

byDeeba Ahmed

May 28, 2025

2 minute read

Hackers Hide Malware in Fake DeepSeek PyPI Packages

Malicious DeepSeek packages on PyPI spread malware, stealing sensitive data like API keys. Learn how this attack targeted developers and how to protect yourself.

byWaqas

February 4, 2025

3 minute read

Python Malware in Zebo-0.1.0 and Cometlogger-0.1 Found Stealing User Data

Fortinet discovers two malicious Python packages, Zebo-0.1.0 and Cometlogger-0.1, designed to steal data, capture keystrokes, and gain system control. Learn about their malicious behavior and how to protect yourself

byDeeba Ahmed

December 24, 2024

ReversingLabs Research: Compromised Ultralytics PyPI Package Delivers Crypto Coinminer

3 minute read

Ultralytics AI Library with 60M Downloads Compromised for Cryptomining

Another day, another supply chain attack!

byDeeba Ahmed

December 9, 2024

4 minute read

Fabrice Malware on PyPI Has Been Stealing AWS Credentials for 3 Years

The malicious Python package “Fabrice” on PyPI mimics the “Fabric” library to steal AWS credentials, affecting thousands. Learn how…

byWaqas

November 7, 2024

2 minute read

New PyPI Malware Poses as Crypto Wallet Tools to Steal Private Keys

Checkmarx researchers discovered PyPI malware posing as crypto wallet tools. These malicious packages stole private keys and recovery…

byWaqas

October 1, 2024

3 minute read

New Supply Chain Attack “Revival Hijack” Risks Massive PyPI Takeovers

JFrog's cybersecurity researchers have identified a new PyPI attack technique called "Revival Hijack," which exploits package deletion policies. Over 22,000 packages are at risk, potentially impacting thousands of users. Stay informed!

byWaqas

September 5, 2024

2 minute read

Iraqi Hackers Exploit PyPI to Infiltrate Systems Through Python Packages

Python packages are being used to steal data from developers and companies. Learn about the extensive cybercriminal operation…

byDeeba Ahmed

July 16, 2024

3 minute read

PyPI Suspends New Projects and Users Due to Malicious Packages

Are you a Python developer? Here's what you need to know!

byWaqas

March 28, 2024

The Latest

GodFather Android Malware Runs Real Apps in a Sandbox to Steal Data

Halo Security Honored with 2025 MSP Today Product of the Year Award

AgentSmith Flaw in LangSmith’s Prompt Hub Exposed User API Keys, Data

WormGPT Makes a Comeback Using Jailbroken Grok and Mixtral Models

PyPI

Backdoors in Python and NPM Packages Target Windows and Linux

Malware Hidden in AI Models on PyPI Targets Alibaba AI Labs Users

Hackers Hide Malware in Fake DeepSeek PyPI Packages

Python Malware in Zebo-0.1.0 and Cometlogger-0.1 Found Stealing User Data

Ultralytics AI Library with 60M Downloads Compromised for Cryptomining

Fabrice Malware on PyPI Has Been Stealing AWS Credentials for 3 Years

New PyPI Malware Poses as Crypto Wallet Tools to Steal Private Keys

New Supply Chain Attack “Revival Hijack” Risks Massive PyPI Takeovers

Iraqi Hackers Exploit PyPI to Infiltrate Systems Through Python Packages

PyPI Suspends New Projects and Users Due to Malicious Packages

Halo Security Honored with 2025 MSP Today Product of the Year Award

Arsen Launches AI-Powered Vishing Simulation to Help Organizations Combat Voice Phishing at Scale

Seraphic Security Unveils BrowserTotal™ – Free AI-Powered Browser Security Assessment for Enterprises

Aembit Extends Workload IAM to Microsoft Ecosystem, Securing Hybrid Access for Non-Human Identities

Flowable’s Smart Automation Tools Are Reshaping How Enterprises Operate in 2025