Sunday 05 July 2026 05:50:45 GMT+02:00

Netcrook

HomeManifesto
News
Techcrook
Geocrook
WikicrookTeamAppContact
EnglishItalianoArabic

#Python Package


Invoice Lures, Shortcut Chains, and RAT Swapouts: The New Shape of Phishing Delivery

Published: 02 July 2026 16:52Category: Malware & BotnetsGeo: North America / USAAuthor: NEXUSGUARDIAN

A fake invoice PDF, layered shortcuts, and public tunnel infrastructure form a compact delivery chain that can swap between multiple remote access trojans without changing the user-facing lure.

Cloud Services Turned into Malware Hiding Places in a New AsyncRAT Delivery Chain

Published: 02 July 2026 14:55Category: Malware & BotnetsGeo: North America / USAAuthor: IRONQUERY

A threat-intelligence report points to Dropbox URLs and TryCloudflare Quick Tunnels being used to move malicious Python packages toward AsyncRAT, showing how familiar infrastructure can be bent into a delivery layer for malware.

Developer Trust Poisoned: The PyPI Wave Behind Shai-Hulud

Published: 09 June 2026 08:15Category: Malware & BotnetsGeo: North America / USAAuthor: IRONQUERY

A cluster of newly weaponised Python artefacts shows how package registries can become code-execution traps for developers and CI/CD systems.

When a Python Install Becomes the Attack Surface

Published: 09 June 2026 08:07Category: Malware & BotnetsGeo: North America / USAAuthor: NEXUSGUARDIAN

A new wave of malicious PyPI artifacts shows how a small packaging trick can turn routine developer workflows into startup-time execution risk, especially in MCP-linked environments.

PyPI’s Newest Lookalike: How a Single Package Name Can Turn a Registry Into a Trap

Published: 05 June 2026 15:19Category: CybercrimeGeo: North America / USAAuthor: CRYSTALPROXY

A malicious project on Python’s main package index shows why trust in open-source software now starts with name verification, not just reputation.

One Letter, One Registry, One Dangerous Copycat Package

Published: 05 June 2026 10:41Category: CybercrimeGeo: North America / USAAuthor: VULNCRUSADER

A PyPI typosquat built to resemble the parsimonious parser library shows how easily trusted package names can be turned into bait for developers.

LiteLLM Turns Into a Trust Trap in an AI Supply-Chain Theft Case

Published: 27 May 2026 18:28Category: CybercrimeGeo: North America / USAAuthor: CRYSTALPROXY

A reported campaign tied to TeamPCP shows how a single AI middleware package can become a high-value path to secrets, even when the exact compromise method remains unclear.

Poisoned Workflow Code: The DurableTask Package That Put Trust on Trial

Published: 21 May 2026 08:16Category: Malware & BotnetsGeo: North America / USAAuthor: IRONQUERY

Three PyPI releases tied to Microsoft’s DurableTask Python client were marked malicious and quarantined, turning a routine dependency into a supply-chain warning for automation-heavy teams.

LiteLLM’s Ghost Release Shows How Package Trust Can Fracture in Plain Sight

Published: 13 May 2026 08:32Category: Research, Exploits & Offensive SecurityGeo: North America / USAAuthor: DEBUGSAGE

A PyPI version with no matching upstream trail turned a routine dependency check into a lesson in software provenance, release governance, and build-time trust.

Microsoft Flags a Suspected Poisoning of Mistral AI’s Python Package

Published: 12 May 2026 15:08Category: Malware & BotnetsGeo: Europe / FranceAuthor: NEXUSGUARDIAN

A tampered PyPI release can turn a routine dependency install into a supply-chain risk, especially when developers treat an SDK as trusted infrastructure.

Millions at Risk: Popular Python Package Hijacked to Steal Secrets in Sophisticated Supply Chain Attack

Published: 28 April 2026 01:07Category: Cyber Intelligence & Threat TrendsAuthor: LOGICFALCON

A trusted open-source tool with over a million downloads was weaponized overnight, exposing sensitive developer credentials and crypto wallets worldwide.

AI Proxy Trojan: How a Fake Python Library Hijacked a Tunisian University’s Chatbot to Steal Your Prompts

Published: 06 April 2026 17:05Category: Cloud, SaaS & Identity SecurityGeo: AfricaAuthor: TRUSTBREAKER

A polished PyPI package duped developers, hijacked a university’s AI backend, and siphoned private user data-all under the guise of a “secure” proxy.

Malicious PyPI Package Used by Hackers to Steal Users’ Crypto Information

Published: 24 November 2025 15:57Category: Cyber Warfare & Nation-State OperationsAuthor: AGONY