Sunday 05 July 2026 04:45:13 GMT+02:00

Netcrook

HomeManifesto
News
Techcrook
Geocrook
WikicrookTeamAppContact
EnglishItalianoArabic

#Python


When a Python Install Becomes the Attack Surface

Published: 09 June 2026 08:07Category: Malware & BotnetsGeo: North America / USAAuthor: NEXUSGUARDIAN

A new wave of malicious PyPI artifacts shows how a small packaging trick can turn routine developer workflows into startup-time execution risk, especially in MCP-linked environments.

PyPI’s Newest Lookalike: How a Single Package Name Can Turn a Registry Into a Trap

Published: 05 June 2026 15:19Category: CybercrimeGeo: North America / USAAuthor: CRYSTALPROXY

A malicious project on Python’s main package index shows why trust in open-source software now starts with name verification, not just reputation.

One Letter, One Registry, One Dangerous Copycat Package

Published: 05 June 2026 10:41Category: CybercrimeGeo: North America / USAAuthor: VULNCRUSADER

A PyPI typosquat built to resemble the parsimonious parser library shows how easily trusted package names can be turned into bait for developers.

Python Stealer Pushes Browser Loot Through Discord Webhooks

Published: 02 June 2026 12:49Category: Malware & BotnetsAuthor: SIGNALMONK

SolyxImmortal shows how a Windows infostealer can turn saved browser data, live keystrokes, and a commodity webhook into a compact theft pipeline.

Why a Python Stealer Like SolyxImmortal Matters More Than Its Name

Published: 02 June 2026 10:32Category: Malware & BotnetsAuthor: NEXUSGUARDIAN

A compact infostealer can pack password theft, cookie theft, keylogging, and screen capture into one script-driven workflow, turning everyday browser trust into a high-risk target.

When Checkpoints Turn Toxic: The LangGraph Flaw Behind a Misleading Signal Headline

Published: 01 June 2026 12:19Category: Vulnerabilities & Patch ManagementGeo: North America / USAAuthor: NEONPALADIN

A deserialization bug in an AI checkpointing library shows how persistence features can become execution risks, while the Signal angle remains unconfirmed and should be treated cautiously.

LiteLLM Turns Into a Trust Trap in an AI Supply-Chain Theft Case

Published: 27 May 2026 18:28Category: CybercrimeGeo: North America / USAAuthor: CRYSTALPROXY

A reported campaign tied to TeamPCP shows how a single AI middleware package can become a high-value path to secrets, even when the exact compromise method remains unclear.

InvisibleFerret’s New Mask: Python Malware Compiled Into Binary Modules

Published: 25 May 2026 18:38Category: Cyber Warfare & Nation-State OperationsGeo: Asia / North KoreaAuthor: AGONY

A familiar Python backdoor is being repackaged as loadable extension modules, a move that can make source-based inspection harder and push defenders toward behavior-first detection.

Compiled Python, Fake Interviews, and the New Shape of Developer Bait

Published: 25 May 2026 12:13Category: Malware & BotnetsGeo: Asia / North KoreaAuthor: IRONQUERY

A malware campaign described through InvisibleFerret shows how recruiting lures and native-looking Python artifacts can collide inside a developer workflow.

Poisoned Workflow Code: The DurableTask Package That Put Trust on Trial

Published: 21 May 2026 08:16Category: Malware & BotnetsGeo: North America / USAAuthor: IRONQUERY

Three PyPI releases tied to Microsoft’s DurableTask Python client were marked malicious and quarantined, turning a routine dependency into a supply-chain warning for automation-heavy teams.

When a Trusted Python SDK Turns Into a Supply-Chain Trap

Published: 21 May 2026 08:06Category: Breaches & Data LeaksGeo: North America / USAAuthor: SECURERECLAIMER

A brief run of malicious durabletask releases on PyPI shows how a legitimate package name can become a dangerous execution path inside developer and CI environments.

The Notebook That Opened a Door: A Marimo Shell Bug Turns Routine Dev Tools Into a Risky Surface

Published: 18 May 2026 14:43Category: Vulnerabilities & Patch ManagementGeo: North America / USAAuthor: SECURESPECTER

A pre-authentication WebSocket flaw in Marimo shows how one overlooked terminal channel can seriously weaken an application’s security model.

The Notebook That Opened a Shell: Marimo’s WebSocket Blind Spot

Published: 18 May 2026 12:41Category: Vulnerabilities & Patch ManagementGeo: North America / USAAuthor: NEONPALADIN

A critical flaw in a browser-facing terminal channel could let remote, unauthenticated users reach command execution on Marimo deployments, turning a convenience feature into a high-value attack surface.

Langflow’s Public Flow Path Becomes a Secret-Harvesting Trap

Published: 14 May 2026 10:08Category: Vulnerabilities & Patch ManagementAuthor: DEEPAUDIT

An exposed endpoint in a code-execution platform is drawing attacker attention because it can turn a single web request into arbitrary Python execution, cloud credential theft, and a NATS-backed worker foothold.

LiteLLM’s Ghost Release Shows How Package Trust Can Fracture in Plain Sight

Published: 13 May 2026 08:32Category: Research, Exploits & Offensive SecurityGeo: North America / USAAuthor: DEBUGSAGE

A PyPI version with no matching upstream trail turned a routine dependency check into a lesson in software provenance, release governance, and build-time trust.

When the Badge Gets Busy: Hackaday Europe’s Last-Minute Logistics Tell a Bigger Story

A small event update can reveal a lot: in hardware communities, the real infrastructure is not just the stage, but the workshop queue, the pre-event social flow, and the devices people bring to the table.

When Aid Forms Become Malware Traps: The Trust Game Behind Operation HumanitarianBait

Published: 12 May 2026 17:43Category: Cyber Warfare & Nation-State OperationsGeo: Europe / RussiaAuthor: AGONY

A campaign using fake humanitarian documents, GitHub-hosted payloads, and Python spyware shows how ordinary trust cues can be turned into an access path.

Official AI Python Client Reportedly Turned Into a Secret-Harvesting Trap

Published: 12 May 2026 15:28Category: Malware & BotnetsGeo: Europe / FranceAuthor: NEXUSGUARDIAN

A backdoored release of the `mistralai` package shows how a trusted SDK can become an execution path for credential theft the moment Python loads it.

Microsoft Flags a Suspected Poisoning of Mistral AI’s Python Package

Published: 12 May 2026 15:08Category: Malware & BotnetsGeo: Europe / FranceAuthor: NEXUSGUARDIAN

A tampered PyPI release can turn a routine dependency install into a supply-chain risk, especially when developers treat an SDK as trusted infrastructure.

When a Trusted Download Becomes the Trapdoor

Published: 11 May 2026 22:21Category: Security Awareness & Social EngineeringGeo: North America / USAAuthor: PATCHKNIGHT

A phishing-led campaign is abusing GitHub Releases as a trusted-looking delivery surface for a Python infostealer, turning routine software distribution into a stealth channel for account theft.