Tag
critical
advisory
Compromised PyTorch Lightning Packages on PyPI Steal Developer Credentials
2 rules 2 TTPsCompromised PyTorch Lightning packages versions 2.6.2 and 2.6.3 on PyPI contain malicious code to steal developer credentials from cloud and developer environments, and republish infected packages.
pytorch-lightning
supply-chain
pypi
credential-theft
malware
2r
2t
critical
threat
Compromised Telnyx PyPI Package Distributes Credential-Stealing Malware
2 rules 7 TTPs 7 IOCsA threat actor compromised the PyPI package `telnyx`, uploading malicious versions 4.87.1 and 4.87.2 containing credential-stealing malware that exfiltrates data to a C2 server.
TeamPCP
supply-chain
pypi
credential-theft
2r
7t
7i
critical
threat
TeamPCP Backdoors Telnyx PyPI Package with Steganographic Malware
2 rules 5 TTPsThe TeamPCP threat actor compromised the Telnyx PyPI package, injecting credential-stealing malware hidden within WAV audio files to target Linux, macOS, and Windows systems.
TeamPCP
supply chain attack
pypi
credential theft
steganography
2r
5t
high
advisory
Compromised Litellm PyPI Package Versions
2 rules 4 TTPs 1 IOCVersions 1.82.7 and 1.82.8 of the Litellm package on PyPI were compromised in a supply chain attack, potentially impacting numerous users, with recommendations to avoid updating to these versions.
supply-chain
pypi
litellm
compromise
2r
4t
1i