THREATPKG
SYNC STALE
Supply-chain threat intelligence
Incident detail
criticalpypi·credential theft·osv
Malicious code in sf-silly-goose-requests (PyPI)
Risk score
92
AI summary
Indexed incident for sf-silly-goose-requests (pypi).
Description
-= Per source details. Do not edit below this line.=-
Source: kam193 (d1b2d16ce881d1e9b356ed424f8144ce9324d09010efa8761ad13ac8a46e7b60)
Package uses trufflehog to detect secrets and exfiltrates them to a hardcoded location
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2026-06-sf-silly-goose-requests
Reasons (based on the campaign):
exfiltration-credentials
exfiltration-env-variables
Technical details
Affected versions
<function fixed() { [native code] }
Indicators
- affected_version<function fixed() { [native code] }75%
- affected_version<function fixed() { [native code] }75%
Timeline
- Advisory published
- Indexed by ThreatPkg