pypi Archives - Security Affairs

Pierluigi Paganini July 30, 2025

PyPI maintainers alert users to email verification phishing attack

PyPI warns of phishing emails from noreply@pypj[.]org posing as “[PyPI] Email verification” to redirect users to fake package sites. PyPI warns of an active phishing attack using fake “[PyPI] Email verification” messages from noreply@pypj[.]org, aiming to lure users to spoofed PyPI sites. PyPI, short for the Python Package Index, is the official repository for Python […]

Pierluigi Paganini September 23, 2024

North Korea-linked APT Gleaming Pisces deliver new PondRAT backdoor via malicious Python packages

North Korea-linked APT group Gleaming Pisces is distributing a new malware called PondRAT through tainted Python packages. Unit 42 researchers uncovered an ongoing campaign distributing Linux and macOS malwar PondRAT through poisoned Python packages. The campaign is attributed to North Korea-linked threat actor Gleaming Pisces (also known as Citrine Sleet), who previously distributed the macOS […]

Pierluigi Paganini May 30, 2023

PyPI enforces 2FA authentication to prevent maintainers’ account takeover

PyPI is going to enforce two-factor authentication (2FA) for all project maintainers by the end of this year over security concerns. Due to security concerns, PyPI will be mandating the use of two-factor authentication (2FA) for all project maintainers by the end of this year. Over the past few years, there has been a rise […]

Pierluigi Paganini May 21, 2023

PyPI Repository temporarily suspends user sign-ups and package uploads due to ongoing attacks

The Python Package Index (PyPI) maintainers have temporarily disabled the sign up and package upload processes due to an ongoing attack. The maintainers of Python Package Index (PyPI), the Python software repository, have temporarily disabled the sign up and package upload processes due to an ongoing attack. The maintainers opted to disable the above functionalities […]

Pierluigi Paganini March 27, 2023

Malicious Python Package uses Unicode support to evade detection

Researchers discovered a malicious package on PyPI that uses Unicode to evade detection while stealing sensitive data. Supply chain security firm Phylum discovered a malicious Python package on the Python Package Index (PyPI) repository that uses Unicode to evade detection and deliver information-stealing malware. The package, named onyxproxy, was uploaded to the PyPI repository on March […]

Pierluigi Paganini March 06, 2023

Colour-Blind, a fully featured info stealer and RAT in PyPI

Experts discovered a fully featured information stealer, tracked as ‘Colour-Blind’ in the Python Package Index (PyPI). Researchers from Kroll’s Cyber Threat Intelligence team discovered a malicious Python package uploaded to the Python Package Index (PyPI) that contained a fully-featured information stealer and remote access trojan tracked as Colour-Blind. Below is the list of capabilities supported […]

Pierluigi Paganini January 17, 2023

Fortinet observed three rogue PyPI packages spreading malware

Researchers discovered three malicious packages that have been uploaded to the Python Package Index (PyPI) repository by Lolip0p group. FortiGuard Labs researchers discovered three malicious PyPI packages (called ‘colorslib’, ‘httpslib’, and “libhttps”) on the PyPI repository that were uploaded by the same actor, Lolip0p. The packages were discovered on January 10, 2023, the packages “colorslib” and […]

Pierluigi Paganini December 20, 2022

Malicious PyPI package posed as SentinelOne SDK to serve info-stealing malware

Researchers spotted a malicious package in the Python Package Index (PyPI) repository that impersonates a software development kit (SDK) for SentinelOne. Cybersecurity researchers at ReversingLabs have discovered a new malicious package, named ‘SentinelOne,’ on the Python Package Index (PyPI) repository that impersonates a legitimate software development kit (SDK) for SentinelOne. The malicious package was first […]

Pierluigi Paganini November 10, 2022

Researchers warn of malicious packages on PyPI using steganography

Experts discovered a malicious package on the Python Package Index (PyPI) that uses steganographic to hide malware within image files. CheckPoint researchers discovered a malicious package, named ‘apicolor,’ on the Python Package Index (PyPI) that uses steganographic to hide malware within image files. The malicious package infects PyPI users through open-source projects on Github. The […]

Pierluigi Paganini November 05, 2022

29 malicious PyPI packages spotted delivering the W4SP Stealer

Cybersecurity researchers discovered 29 malicious PyPI packages delivering the W4SP stealer to developers’ systems. Cybersecurity researchers have discovered 29 packages in the official Python Package Index (PyPI) repository designed to infect developers’ systems with an info-stealing malware dubbed W4SP Stealer. “It appears that these packages are a more sophisticated attempt to deliver the W4SP Stealer on […]

pypi

PyPI maintainers alert users to email verification phishing attack

North Korea-linked APT Gleaming Pisces deliver new PondRAT backdoor via malicious Python packages

PyPI enforces 2FA authentication to prevent maintainers’ account takeover

PyPI Repository temporarily suspends user sign-ups and package uploads due to ongoing attacks

Malicious Python Package uses Unicode support to evade detection

Colour-Blind, a fully featured info stealer and RAT in PyPI

Fortinet observed three rogue PyPI packages spreading malware

Malicious PyPI package posed as SentinelOne SDK to serve info-stealing malware

Researchers warn of malicious packages on PyPI using steganography

29 malicious PyPI packages spotted delivering the W4SP Stealer

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

DOJ takes action against 22-year-old running RapperBot Botnet

Google fixed Chrome flaw found by Big Sleep AI

Pharmaceutical firm Inotiv discloses ransomware attack. Qilin group claims responsibility for the hack

A hacker tied to Yemen Cyber Army gets 20 months in prison

Exploit weaponizes SAP NetWeaver bugs for full system compromise

QUICK LINKS

pypi

newsletter

Subscribe to my email list and stay up-to-date!

recent articles

Subscribe to my email list and stay
up-to-date!