Skip to content
supplychainattack.orgSupply chain attack incident catalog

2024 12 Reqesst supply chain incidents

1 confirmed incident publicly associated with this group. Attribution reflects what the cited sources state; it is recorded for filtering, not asserted by this site.

  1. resolvedcritical

    Malicious code in fflask (PyPI)

    Malicious code was published in the fflask package on PyPI. Importing the module triggers an infostealer that exfiltrates data and establishes persistence via autorun directory. The package appears to be a typosquatting attack on a legitimate Flask-related package.

    2024 12 ReqesstPyPICompromised packageTyposquatting