Skip to main content

Tag: python

41 articles

Cluttered workspace with laptop showing code on screen, surrounded by papers and coffee cups.

ChocoPoC Malware Targets Vulnerability Researchers via Fake PoC Repos

Beware of fake proof-of-concept repositories on GitHub - a new malware called ChocoPoC is hiding in plain sight, stealing data from vulnerability researchers through a cleverly designed trap. This sneaky malware uses a dependency chain to infect systems, masquerading as a harmless Python proof-of-concept exploit.

Analyst 207
Cybersecurity researcher sits at cluttered desk with laptop and papers, looking concerned.

Malware Exploits GitHub PoCs to Target Cybersecurity Researchers

Cybersecurity researchers are being targeted by a sneaky new campaign that uses malicious GitHub proof-of-concept exploits to deliver a remote access trojan, with over 2,400 downloads of a trojanized Python package already recorded. The attack unfolds through a multi-stage supply-chain trick involving compromised PyPI packages.

Analyst 207
Cybersecurity researcher working at cluttered desk with laptop and Linux devices nearby.

Malware Delivered via Trojanized GitHub Exploits Targets Security Researchers

Security researchers have been targeted by a sneaky malware campaign that uses trojanized GitHub exploits to deliver a Python-based remote access trojan, hiding in plain sight within popular proof-of-concept code repositories. The malware, downloaded over 2,400 times mostly on Linux-based systems, was spread through malicious packages cleverly concealed in dependency lists on GitHub.

Analyst 207
Python developer workstation with laptop, terminal, and programming notes, hint of Telegram logo in background.

Malicious PyPI Packages Expose Telegram Bot Servers to Hacker Control

Hackers have launched a sneaky attack, hiding malicious code in fake Python packages on PyPI, which can take control of Telegram bot servers and give attackers access to sensitive info like chats, contacts, and environment variables. This backdoor can be activated with a simple command, allowing attackers to execute any Python code on the victim's machine.

Analyst 207
Cluttered developer workstation with code on laptop and notes on desk.

AI Code Review Foils Malicious Backdoor in Python Project

When Roman Imankulov analyzed a suspicious Python project with his AI agent, it quickly flagged a malicious backdoor, saving him from a potentially disastrous mistake. The AI code review proved to be a crucial safeguard, alerting Imankulov to walk away from the tainted code.

Analyst 207
Developer workstation with laptop and blurred terminal screen, highlighting supply chain security concerns.

PyPI Packages Poisoned in Hades Supply Chain Attack

Malicious actors have launched a supply-chain attack on the Python Package Index (PyPI), infecting 19 packages with 37 tainted versions that can download and execute a hidden JavaScript payload. This sneaky Hades campaign uses poisoned Python packages to spread its reach, putting developers and users at risk.

Analyst 207
Laptop and workstation setup with a blank screen amidst a clean environment.

Shai-Hulud Malware Targets Python Packages, Exposes Developer Secrets

Hundreds of thousands of downloads of 19 popular Python packages were compromised in a massive supply-chain attack that stole developer secrets, courtesy of the Shai-Hulud malware. The malicious packages, disguised as useful bioinformatics and science tools, were actually designed to expose sensitive information.

Analyst 207
Rows of computer servers and equipment in a well-lit server room or data center.

ChromaDB Flaw Enables Server Hijacking via AI Model Exploit

A newly discovered vulnerability, CVE-2026-45829, in ChromaDB's Python FastAPI variant allows hackers to hijack servers by exploiting AI models, with a security expert noting that authentication is present but poorly placed. This flaw lets unauthenticated attackers run arbitrary code on exposed servers by cleverly manipulating API endpoints.

Analyst 207
Rows of computer servers and networking equipment with a single laptop screen in the foreground.

LiteLLM SQL Flaw Exploited 36 Hours After Disclosure

A critical SQL injection flaw, CVE-2026-42208, was exploited just 36 hours after its disclosure, putting vulnerable LiteLLM versions at risk of unauthorized database access. The bug, with a CVSS score of 9.3, allows unauthenticated callers to reach a vulnerable database query through the proxy's error-handling path.

Analyst 207
Industrial robot on a factory floor with blurred control panel and company logo nearby.

Unpatched Flaw Exposes Hugging Face LeRobot to Remote Code Execution

A critical, unpatched vulnerability in Hugging Face's LeRobot platform, rated CVSS 9.3, allows hackers to remotely execute code by exploiting Python's insecure pickle format, putting users at risk of devastating attacks. This flaw enables unauthenticated attackers to gain control by deserializing malicious data sent over unsecured channels.

Analyst 207
Dimly lit room with a laptop displaying swirling code, eerie shadows, and a ghostly cityscape in the background.

Hackers exploit Marimo flaw to spread NKAbuse malware via Hugging Face

Hackers are exploiting a critical flaw in Marimo's reactive Python notebook to spread a new variant of NKAbuse malware, sneaking malicious payloads onto Hugging Face Spaces, a popular platform for sharing machine learning models. This alarming attack highlights the need for vigilance when it comes to defending against malware disguised as code-sharing tools.

Analyst 207
A fragile, moss-like sphere cracked and broken on a dark surface, surrounded by eerie glows of screens.

Marimo Flaw CVE-2026-39987 Exploited Rapidly After Disclosure

A single line of code can drastically change the risk landscape for thousands of users - and that's exactly what happened with Marimo, an open-source Python notebook, when a critical vulnerability (CVE-2026-39987) was exploited just 10 hours after its disclosure. This severe flaw, with a CVSS score of 9.3, allows pre-authenticated remote code execution, putting all Marimo versions prior to the disclosed fix at risk.

Analyst 207
ComfyUI Instances Enlisted in Widespread Cryptomining Botnet Campaign

ComfyUI Instances Enlisted in Widespread Cryptomining Botnet Campaign

A sneaky campaign is on the hunt for exposed ComfyUI instances, using them to fuel a cryptomining botnet and secretly install malicious nodes - putting unsuspecting users' systems at risk. This covert operation uses a Python scanner to scour cloud IP ranges, exploiting vulnerabilities and turning systems into cryptocurrency-mining machines.

Analyst 207
PickleScan Exclusive: Critical Flaws Rock AI Supply Chains

PickleScan Exclusive: Critical Flaws Rock AI Supply Chains

Researchers disclosed three critical PickleScan zero-days that let attackers stealthily swap or tamper with local AI models—injecting misinformation, bias, or even exfiltrating data from Python/PyTorch model runners. Exploitable via drive-by browser-origin attacks against assumed-safe local admin endpoints, these flaws show how our trusted AI tooling can become the weakest link in the supply chain.

Analyst 207
Legacy Python Bootstrap Scripts: Stunning PyPI Threat

Legacy Python Bootstrap Scripts: Stunning PyPI Threat

Legacy zcbuildout scripts left in projects can become silent attack vectors—if a referenced domain lapses and an attacker reclaims it, builds can pull and execute malicious code that reaches PyPI. ReversingLabs’ findings show how a tiny oversight in old bootstrap helpers can enable wide supply‑chain compromise, so it’s time to find, update, or remove those scripts.

Analyst 207
Vulnerable Rust crate: Stunning critical uv Python flaw

Vulnerable Rust crate: Stunning critical uv Python flaw

async-tar, a tiny Rust crate, unexpectedly sparked a chain reaction when a flaw in a forked copy rippled into fast uv, showing how fragile ecosystems built on forks can be; one fork is patched, but the most widely downloaded release still sits unpatched.

Analyst 207
Vulnerable Rust crate Exclusive: Critical uv Python Flaw

Vulnerable Rust crate Exclusive: Critical uv Python Flaw

If you use uv Python, take note: a critical flaw in the Rust crate async‑tar was patched in one fork, but the most widely distributed uv build still ships the vulnerable copy. It’s a clear reminder that fixing one fork doesn’t secure an ecosystem built on cloning and convenience.

Analyst 207
Python backdoors: Exclusive Risky Threat Warning

Python backdoors: Exclusive Risky Threat Warning

Researchers warn the Confucius espionage group is shifting from weaponized documents to Python backdoors like AnonDoor, widening the attack surface and making detection much harder. Organizations should boost visibility into scripting, enforce least privilege, and monitor package and repository activity before attackers hide in legitimate developer tooling.

Analyst 207
phishing campaign: Risky PyPI Scam — Must-Read Alert

phishing campaign: Risky PyPI Scam — Must-Read Alert

Got an email asking you to verify your PyPI credentials? Change your password and enable MFA right away — attackers are running a convincing fake PyPI site to harvest logins and could use stolen accounts to push malicious packages or compromise your supply chain.

Analyst 207
PyPI packages: Risky SilentSync Alert — Must-Have Fix

PyPI packages: Risky SilentSync Alert — Must-Have Fix

Cybersecurity researchers found two malicious PyPI packages that delivered the SilentSync RAT to Windows machines, enabling remote command execution, file theft and screen capture. Treat your dependency tree like an attack surface—audit packages, pin versions and lock down CI to stop supply-chain intrusions.

Analyst 207
AI-native Villager: Risky Exclusive Tool Sparks Alarm

AI-native Villager: Risky Exclusive Tool Sparks Alarm

A China-origin tool called AI-native Villager has quietly topped 11,000 PyPI downloads, combining Kali Linux and DeepSeek into an easy-to-use pen-testing automation that’s as useful for defenders as it is tempting for attackers. That rapid uptake underscores a growing dilemma: powerful, AI-driven tooling can speed security work — and just as quickly widen the pool of potential abusers.

Analyst 207
CastleRAT malware: Exclusive Dangerous C/Python Threat

CastleRAT malware: Exclusive Dangerous C/Python Threat

A new strain of CastleRAT, now rewritten in both C and Python, is being spread via a nasty ClickFix trick that convinces users to paste malicious commands into their terminals—don’t paste commands you don’t trust. Stay skeptical of unsolicited “fixes,” verify sources, and treat pasteable commands like executable attachments.

Analyst 207
Alarming 188% Annual Increase in Malicious Open Source Packages

Alarming 188% Annual Increase in Malicious Open Source Packages

Discover the shocking 188% annual rise in malicious open source packages and its implications for developers and software security.

Analyst 207
Over 200 Compromised GitHub Repositories Discovered in Attack on Gamers and Developers

Over 200 Compromised GitHub Repositories Discovered in Attack on Gamers and Developers

Over 200 compromised GitHub repositories linked to a cyber attack targeting gamers and developers, raising security concerns in the tech community.

Analyst 207