supplychainattack.org: Supply chain attack incident catalog

PyPI supply chain incidents

9 confirmed incidents affecting the PyPI ecosystem.

  1. Status: active | Severity: critical

    The Hades Campaign: Graph ML PyPI Packages Deploy Cross-Platform Memory Scrapers, AI Analyst Misdirection, and a Wiper Deterrent

    On June 8, 2026, multiple Graph ML PyPI packages were compromised in the Hades campaign, deploying cross-platform memory scrapers, AI prompt injections for analyst misdirection, and token-revocation wipers. The attack targeted the bioinformatics ecosystem with sophisticated evasion techniques.

    Tags: Hades, PyPI, Compromised package
  2. Status: contained | Severity: high

    New Shai-Hulud attack trojanizes 19 science-focused PyPI packages

    Hackers compromised 19 science-focused packages on PyPI in a Shai-Hulud supply-chain attack. The trojanized packages were collectively downloaded hundreds of thousands of times and delivered malware designed to steal developer secrets.

    Tags: Shai-Hulud, PyPI, Compromised package
  3. Status: resolved | Severity: high

    durabletask: TeamPCP's Latest PyPi Compromise

    Malicious versions of the PyPI package durabletask were published, attributed to the TeamPCP threat actor. The attack matches known TeamPCP tactics used in prior supply chain compromises.

    Tags: TeamPCP, PyPI, Compromised package
  4. Status: contained | Severity: critical

    Microsoft's durabletask PyPI Package Compromised in Supply Chain Attack

    Three malicious versions of Microsoft's durabletask Python package were published to PyPI on May 19, 2026, containing a 28 KB payload that steals credentials from cloud providers (AWS, Azure, GCP), Kubernetes, password managers, and developer tools. The attack has been attributed to the TeamPCP threat group and exhibits indicators of Eastern European cybercrime operations.

    Tags: TeamPCP, PyPI, Compromised package
  5. Status: contained | Severity: critical

    TeamPCP Injects Two-Stage Credential Stealer into xinference PyPI Package

    The xinference package on PyPI was compromised with a two-stage credential stealer attributed to the TeamPCP threat actor. The malicious code was injected into the package, potentially affecting users who installed compromised versions.

    Tags: TeamPCP, PyPI, Compromised package, Malicious maintainer
  6. Status: contained | Severity: high

    lightning: Obfuscated JavaScript Credential Stealer Bundled in PyPI Wheel

    The lightning PyPI package versions 2.6.2 and 2.6.3 were compromised on April 30, 2026, containing obfuscated JavaScript code designed to steal credentials. The project's GitHub account showed signs of compromise, with suspicious responses closing vulnerability reports.

    Tags: Mini Shai Hulud, PyPI, Compromised package, Malicious maintainer
  7. Status: contained | Severity: critical

    TeamPCP Plants WAV Steganography Credential Stealer in telnyx PyPI Package

    On March 27, 2026, TeamPCP injected a WAV steganography-based credential stealer into two releases of the telnyx Python SDK on PyPI. The group was identified by shared cryptographic signatures and exfiltration methods matching their earlier litellm compromise.

    Tags: TeamPCP, PyPI, Compromised package
  8. Status: contained | Severity: critical

    litellm: Credential Stealer Hidden in PyPI Wheel

    A critical supply chain compromise in litellm==1.82.8 on PyPI was identified on March 24, 2026. The malicious PyPI wheel contains a credential stealer hidden in a litellm_init.pth file that executes during package initialization.

    Tags: TeamPCP, PyPI, Compromised package
  9. Status: contained | Severity: critical

    bittensor-wallet 4.0.2 Compromised on PyPI - Backdoor Exfiltrates Private Keys

    bittensor-wallet 4.0.2 was published to PyPI on March 17, 2026 with a backdoor that exfiltrates private keys. The compromised package remained available for approximately 48 hours before being yanked from the repository.

    Tags: PyPI, Compromised package