ZiChatBot malware spread via 3 PyPI packages in July 2025 uses Zulip APIs as C2, enabling stealthy attacks across systems ...
A malicious version of the PyTorch Lightning package published on the Python Package Index (PyPI) delivers a ...
An attacker pushed a malicious version of the popular elementary-data package to the Python Package Index (PyPI) to steal sensitive ...
Malicious Lightning 2.6.2/2.6.3 released April 30 enable credential theft via hidden payload, leading to PyPI quarantine and ...
This was not a case of stolen credentials, but rather of vulnerability exploitation.
On April 30, two releases of one of the most popular machine learning libraries on the Python Package Index were caught ...
TL;DR Two malicious versions of the popular PyTorch Lightning package have been uploaded to PyPI following the publisher ...
Quasar Linux (QLNX) is not an operating system, but a supply chain attack tool that is difficult to detect and remove.
The open-source package elementary-data, with over a million downloads per month, has been compromised. Attackers exploited a vulnerability in a GitHub ...
The popular Python package for monitoring data quality was briefly available as a malicious version. Provider Elementary ...
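Monitoring has found that the AI model deployment tool Xinference was recently hit by a supply-chain poisoning attack. The attacker uploaded Xinference packages containing malicious code to PyPI (Python Package Index), the official Python package repository; the malicious code executes automatically when a user installs an affected package or imports Xinference in a code file. The attacker can steal cloud platform credentials, API keys, database passwords, cryptocurrency wallets and environment variables ...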