-
A rapidly evolving supply chain campaign dubbed “Shai-Hulud” is targeting developers through malicious Python packages. Researchers have identified 23 newly weaponised PyPI artefacts, expanding the scope of the ongoing Mini Shai-Hulud, Miasma, and Hade…
-
A sophisticated typosquatting attack targeting Python developers through a malicious package named “parsimonius” on the Python Package Index (PyPI). The rogue package was engineered to impersonate the legitimate parsimonious parsing library…
-
Operation HumanitarianBait uses fake aid documents, GitHub-hosted payloads, and Python spyware to target Russian-speaking victims.
-
A stealthy Python-based infostealer campaign that abuses GitHub Releases to host payloads and maintain long-term, low‑visibility access to victim systems. The operation, dubbed “Operation HumanitarianBait” in some reporting, appears designed for cybere…
-
A high-severity security vulnerability has been discovered in Python’s asyncio module on Windows, potentially allowing attackers to write data beyond the boundaries of an allocated memory buffer. The flaw, tracked as CVE-2026-3298, was publicly d…
-
Hackers are abusing a stealthy Python backdoor called VIPERTUNNEL, hiding it behind a fake DLL file and a multi‑stage obfuscated loader to quietly tunnel traffic out of victim networks. A review of persistence mechanisms revealed a sitecustomize.py fil…
-
Kimsuky is using multi-stage malicious LNK files to deploy a Python-based backdoor, adding new intermediate scripts while keeping the final payload logic largely unchanged. The campaign abuses Windows Task Scheduler, Dropbox, and bundled Python runtime…
-
Telnyx Python SDK on PyPI, using a multi‑stage WAV steganography payload to steal credentials across Windows, macOS, and Linux systems. The backdoor lives in telnyx/_client.py and is triggered at module scope, so simply importing telnyx is enough to ex…
-
The popular Telnyx Python SDK on PyPI to deploy a multi‑stage credential‑stealing operation that targets cloud infrastructure, Kubernetes clusters, and developer environments at scale. On March 27, 2026, TeamPCP uploaded two malicious Telnyx SDK releas…
-
A sharp rise in campaigns targeting macOS users, while attackers also ramp up Python‑based stealers and abuse trusted platforms like WhatsApp and popular PDF utilities. These attacks focus on harvesting credentials, browser data, cloud keys, and crypto…


