Research

    Deep dives into threats, malware analysis, and supply chain security research.

    Anatomy of the Lightning PyPI compromise

    Two malicious lightning PyPI versions used a 4-file __init__.py injection to harvest cloud secrets, npm and GitHub tokens, and AWS/GCP/Azure credentials on import — bypassing Lightning AI's CI pipeline. Full forensic breakdown and remediation steps inside.

    Beatriz Costa | 14 min read | April 30, 2026

    What 36 Malicious npm Packages Can Do to Your Infrastructure From a postinstall Hook

    36 malicious npm packages disguised as Strapi plugins used postinstall hooks to map infrastructure, escape containers, spray credentials, and attempt lateral movement. Full static analysis and remediation steps inside.

    Beatriz Costa | 11 min read | April 7, 2026

    Axios NPM package has been compromised and is installing malware

    The massively popular Axios npm package, with over 40 million weekly downloads, was compromised on March 31, 2026 after a threat actor hijacked the maintainer's npm and GitHub accounts, published two malicious versions containing a hidden dependency that silently installs cross-platform Remote Access Trojans on macOS, Windows, and Linux -- here's what happened, who's affected, and what you need to do to protect yourself.

    Paul McCarty | March 30, 2026

    TeamPCP Strikes Again: Telnyx Python SDK (790K Monthly Downloads) Hit with Credential-Stealing Malware

    The Telnyx Python SDK was compromised with credential-stealing malware by TeamPCP, marking the latest wave in a supply chain attack chain spanning five ecosystems. Learn how the attack connects to prior compromises of Trivy, npm, Checkmarx, and LiteLLM — and what to do if you're affected.

    Beatriz Costa & Raphael Luy | 3 min read | March 27, 2026

    PyPI package with 3.6m daily downloads is compromised

    We found a malicious litellm package stealing cloud credentials, crypto wallets, and SSH keys — with Kubernetes cluster takeover built in. Here's the full breakdown.

    Paul McCarty & Juan Aguirre | March 24, 2026

    Open Source Supply Chain Threats: February 2026 in Review

    February saw 507 malicious packages and a surge in PyPI activity. This month's spotlight: Safety researchers uncovered new packages from an active WhatsApp botnet campaign.

    Juan Aguirre | 7 min | March 23, 2026

    "NotEason" Campaign: TikTok Tutorials Led to Discord Server Destruction

    Paul McCarty | March 17, 2026

    Hiding in Plain Sight: How a Blatant Cryptominer Survived 3 Years on PyPI

    Paul McCarty | March 17, 2026

    AI Agent Skills: The Story of How We Got Acquainted

    We scanned the top 238 skills from skills.sh and ClawHub for malicious payloads, prompt injection, and data exfiltration. Zero confirmed malware, but the attack surface is real.

    Juan Aguirre | 8 min | March 13, 2026

    MagicWolf - Six Weeks of Evolving PyPI Supply Chain Attacks

    A single threat actor ran a six-week PyPI supply chain attack, publishing 28 malicious Python packages under six names, evolving from basic malware to sophisticated analyst-evading techniques while making security mistakes that exposed the campaign

    Paul McCarty | 15 mins | February 19, 2026

    Open Source Supply Chain Threats: January 2026 in Review

    January 2026 saw 652 malicious packages across NPM and PyPI, with a spotlight on the chai-sub campaign, a multi-layered deception mimicking the popular Pino logging library to deliver remote code execution payloads.

    Juan Aguirre | 5 mins | February 18, 2026

    Open Source Supply Chain Threats: December 2025 in Review

    In December, we tracked 3,683 malicious packages across NPM and PyPI, including a persistent campaign hijacking Claude Code to steal API keys and exfiltrate developer conversations

    Juan Aguirre | February 11, 2026

    Fake Grok API Wrapper Deploys New Malware

    The grokwrapper package is a malicious PyPI supply chain attack that targets Python developers by masquerading as an unofficial API wrapper for xAI's Grok.

    Paul McCarty | 15 mins | February 9, 2026

    ExtraZip: Fake ZIP Utilities Unleash Python Malware On Unsuspecting Victims

    The "ExtraZip" campaign distributes trojanized Python packages through PyPI, masquerading as ZIP utilities and email libraries while deploying a heavily obfuscated Windows infostealer targeting Telegram and credentials

    Paul McCarty | 15 mins | February 4, 2026

    Malicious Python Packages Deliver "Telegrem-Bot" Malware

    A sophisticated multi-stage Python RAT masquerading as an Islamic prayer Telegram bot was discovered in the PyPI package "telegrem," establishing persistent remote access, stealing credentials, exfiltrating sensitive data, and installing SSH backdoors on victim systems.

    Paul McCarty | 15 mins | January 25, 2026

    Hash Validation Packages Targeted by Malicious NPM Packages

    Threat actors successfully targeted popular hash validation libraries for months with malicious packages that stole crypto assets

    Paul McCarty | 10 mins | January 4, 2026

    Shai-Hulud 3.0: A Confusing Iteration To The Worm

    Shai-hulud part III: "The Reckoning?" has arrived early

    Paul McCarty | 10 mins | January 1, 2026

    Meet "Scopper": A new lightweight Python based remote access trojan (RAT)

    Scopper is a new compact, lightweight remote access trojan (RAT) that uses Telegram for its C2

    Paul McCarty | 10 mins | December 28, 2025

    Malicious NPM package targets Polymarket crypto ecosystem

    A malicious npm package disguised as a Polymarket trading library that silently steals cryptocurrency wallet files and private keys to drain victims' cryptocurrencies

    Paul McCarty | 10 mins | December 20, 2025

    NPM Malware Uses “Cloaking” Technology to Target StandX and Uniswap Users

    An NPM malware campaign “Integrator-Filescrypt” targeting cryptocurrency users leverages sneaky Russian cloaking technology to evade security detection

    Paul McCarty | 10 mins | November 17, 2025

    Sneaky NPM packages targeting Claude Code

    A malicious NPM package pretends to be the official Claude Code package so it can steal Anthropic credentials and proxy malicious requests to compromised accounts

    Paul McCarty | 10 mins | October 26, 2025

    Malware in 82 NPM Packages targets hospital billing system

    NPM based malware targets Vietnamese hospital billing system with coordinated campaign

    Paul McCarty | 10 mins | October 21, 2025

    NPM Packages Are Being Used In Active Credential Phishing Attack

    NPM packages being used in active credential phishing attack

    Paul McCarty | 10 mins | September 24, 2025

    "Shai-Hulud" NPM attack runs malicious GitHub Action

    An NPM attack compromised dozens of popular packages which then ran malicious GitHub actions in the compromised accounts

    Paul McCarty | 10 mins | September 15, 2025

    NPM Attack Targets Popular Maintainers

    A massive NPM attack targeted the most popular package maintainers

    Paul McCarty | 10 mins | September 7, 2025

    Analysing the AI used in the Nx Attack

    Safety research team analyzed the multiple AI prompts used in the Nx software supply chain attack

    Paul McCarty | 10 mins | September 3, 2025

    Attack on NPM targets developers using Nx Build Ecosystem

    New NPM Based Infostealer Malware Targets Cryptocurrency developers

    Paul McCarty | 10 mins | September 1, 2025

    Infostealer targets Russian crypto developers

    New NPM Based Infostealer Malware Targets Cryptocurrency developers

    Paul McCarty | 10 mins | August 16, 2025

    Threat actor uses AI to create a better crypto wallet drainer

    Safety’s malicious package detection identified a malicious package that appears to have been written by Claude AI

    Paul McCarty | 10 mins | July 30, 2025

    Solana-Drainer Malware Steals Jupyter Notebooks and Source Code

    Threat actors are using Python libraries targeting the Solana cryptocurrency ecosystem

    Paul McCarty | 8 mins | May 29, 2025

    Yeshen-Asia Threat Campaign

    A sprawling threat campaign over six months spanning dozens of npm packages.

    Paul McCarty | 8 mins | May 14, 2025

    Russian hackers manipulate npm to make realistic packages

    Safety’s malicious package detection identified a malicious npm package today named express-exp. This package was brand new, and had only one version, 1.0.1.

    Paul McCarty | 10 mins | April 15, 2025

    The Two Types of Software Risk: Accidental vs. Intentional Threats

    Software engineers accidentally create vulnerabilities in their software, while threat actors create malicious open source components. Your application security tools should protect you from both.

    Paul McCarty | 10 mins | April 15, 2025

    Payment processor publishes official NPM package that leaks credit card data via ngrok

    A new npm package published by Cashfree leaks credit card data to an ngrok endpoint.

    Paul McCarty | 11 mins | April 6, 2025

    Critical Supply Chain Attack Targets Ultralytics AI Library

    A software supply chain attack recently compromised multiple versions of Ultralytics YOLO, one of the most widely used Python AI libraries for computer vision tasks.

    Robin Birney | 4 mins | March 21, 2025

    Navigating the NVD Backlog with Safety's Leading Vulnerability Data

    The National Vulnerability Database backlog has left many in the cybersecurity community concerned about reliability and timeliness of vulnerability data.

    Robin Birney | 4 mins | March 21, 2025

    Understanding Open Source Licenses: Mitigating Risks and Ensuring Compliance with Safety CLI

    Learn how to navigate the complexities of open-source licenses to mitigate legal and operational risks.

    Robin Birney | 3 mins | February 25, 2025

    Understanding the Security Vulnerability in the llama-cpp-python Package

    A critical security vulnerability was discovered in the llama-cpp-python package, which could have significant implications for systems using this library.

    Robin Birney | 4 mins | February 25, 2025

    Safety CLI Team Uncovers Unpublished Vulnerability in TensorFlow: CVE-2023-33976

    Safety's Cybersecurity Intelligence team discovered an unpublished vulnerability (CVE-2023-33976) in the TensorFlow Python package.

    Robin Birney | 3 mins | February 25, 2025

    CryptoAITools Supply Chain Attack: What It Means for Package Security

    A recently-discovered malicious package has raised alarms across the cryptocurrency development community.

    Robin Birney | 4 mins | February 25, 2025

    Typosquatting Cyberattack on PyPI Suspends New User and Project Creation

    Robin Birney | 4 mins | March 27, 2024

    NVD Update Delays and the Impact on the Developer Community: Safety Cybersecurity's Proactive Response

    Robin Birney | 5 mins | March 14, 2024

    Lessons from the Recent PyTorch Supply Chain Attack

    A recent attack by ethical hackers on PyTorch, a popular Machine Learning library, is a stark reminder of the importance of securing software supply chains.

    Robin Birney | 3 mins | January 22, 2024

    cURL Vulnerability CVE-2023-38545 for Python Systems

    A high-severity vulnerability in cURL and its associated library libcurl was disclosed on 11 October, 2023.

    Robin Birney | 3 mins | October 9, 2023

    Libwebp: Special Vulnerability Advisory (CVE-2023-4863)

    In-depth analysis of a recently discovered vulnerability in the libwebp library.

    Robin Birne | October 1, 2023