A new wave of malicious PyPI artifacts shows how a small packaging trick can turn routine developer workflows into startup-time execution risk, especially in MCP-linked environments.
A malicious project on Python’s main package index shows why trust in open-source software now starts with name verification, not just reputation.
A PyPI typosquat built to resemble the parsimonious parser library shows how easily trusted package names can be turned into bait for developers.
SolyxImmortal shows how a Windows infostealer can turn saved browser data, live keystrokes, and a commodity webhook into a compact theft pipeline.
A compact infostealer can pack password theft, cookie theft, keylogging, and screen capture into one script-driven workflow, turning the data users entrust to their browsers into a high-value target.
A deserialization bug in an AI checkpointing library shows how persistence features can become execution risks, while the Signal angle remains unconfirmed and should be treated cautiously.
A reported campaign tied to TeamPCP shows how a single AI middleware package can become a high-value path to secrets, even when the exact compromise method remains unclear.
A familiar Python backdoor is being repackaged as loadable extension modules, a move that can make source-based inspection harder and push defenders toward behavior-first detection.
A malware campaign described through InvisibleFerret shows how recruiting lures and native-looking Python artifacts can collide inside a developer workflow.
Three PyPI releases tied to Microsoft’s DurableTask Python client were marked malicious and quarantined, turning a routine dependency into a supply-chain warning for automation-heavy teams.
A brief run of malicious durabletask releases on PyPI shows how a legitimate package name can become a dangerous execution path inside developer and CI environments.
A pre-authentication WebSocket flaw in Marimo shows how one overlooked terminal channel can seriously weaken an application’s security model.
A critical flaw in a browser-facing terminal channel could let remote, unauthenticated users reach command execution on Marimo deployments, turning a convenience feature into a high-value attack surface.
An exposed endpoint in a code-execution platform is drawing attacker attention because it can turn a single web request into arbitrary Python execution, cloud credential theft, and a NATS-backed worker foothold.
A PyPI version with no matching upstream trail turned a routine dependency check into a lesson in software provenance, release governance, and build-time trust.
A small event update can reveal a lot: in hardware communities, the real infrastructure is not just the stage, but the workshop queue, the pre-event social flow, and the devices people bring to the table.
A campaign using fake humanitarian documents, GitHub-hosted payloads, and Python spyware shows how ordinary trust cues can be turned into an access path.
A backdoored release of the `mistralai` package shows how a trusted SDK can become an execution path for credential theft the moment Python loads it.
A tampered PyPI release can turn a routine dependency install into a supply-chain risk, especially when developers treat an SDK as trusted infrastructure.
A phishing-led campaign is abusing GitHub Releases as a trusted-looking delivery surface for a Python infostealer, turning routine software distribution into a stealth channel for account theft.