THREATPKG
SYNC STALE

Supply-chain threat intelligence

Incident detail

criticalpypi·credential theft·osv

Malicious code in cscc-glass-house (PyPI)

cscc-glass-house

Risk score

92

AI summary

Indexed incident for cscc-glass-house (pypi).

Description

-= Per source details. Do not edit below this line.=-

Source: kam193 (20f53888d08d0aa70146b50e8dc761373490363f9081ea0adb9fb93cfd2b6240)

Package implements exfiltrating credentials from cloud environments to a hardcoded location. Some code parts suggest it may be part of a CTF.

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-05-cscc-glass-house

Reasons (based on the campaign):

  • exfiltration-credentials

  • exfiltration-env-variables

  • exfiltration-cloud-tokens

Technical details

Affected versions

<function fixed() { [native code] }

Indicators

  • affected_version<function fixed() { [native code] }75%
  • affected_version<function fixed() { [native code] }75%
  • affected_version<function fixed() { [native code] }75%
  • affected_version<function fixed() { [native code] }75%

Timeline

  1. Advisory published
  2. Indexed by ThreatPkg

Related incidents