https://hackingpassion.com/tags/pypi/Recent content in Pypi on HackingPassion.com : root@HackingPassion.com-[~]HugoenThu, 23 Apr 2026 11:10:52 +0200https://hackingpassion.com/pypi-supply-chain-attack-xinference-teampcp/Thu, 23 Apr 2026 11:10:52 +0200https://hackingpassion.com/pypi-supply-chain-attack-xinference-teampcp/<p>A group of attackers has been quietly poisoning Python packages for five weeks straight. They have exfiltrated data from over <strong>500,000 infected machines</strong>, hit more than <strong>1,000 organizations</strong>, and confirmed victims include <strong>Aqua Security</strong>, <strong>Checkmarx</strong>, and government infrastructure including the <strong>European Commission&rsquo;s AWS environment</strong>. Yesterday they struck again. This time the target was <strong>Xinference</strong>, an open-source framework used by developers to run AI models locally. Versions <strong>2.6.0</strong>, <strong>2.6.1</strong>, and <strong>2.6.2</strong> were compromised and have since been pulled from PyPI. If you installed or updated Xinference in the last 24 hours without pinning your version, you need to act now.</p>https://hackingpassion.com/sympy-dev-malware/Thu, 22 Jan 2026 13:32:48 +0100https://hackingpassion.com/sympy-dev-malware/<p>A fake SymPy package deploys XMRig cryptominers on Linux machines. The malware hides inside polynomial functions. It only activates when you do math. Over 1,000 downloads in day one. Still live on PyPI. The real SymPy has 85 million downloads per month. That is the target size. 🧐</p> <p>Socket&rsquo;s Threat Research Team found this on January 21, 2026. The attacker copied SymPy&rsquo;s entire project description and branding, then uploaded it under a name that looks like a development build. Developers searching for SymPy or copy-pasting requirements might grab the wrong package without noticing.</p>