SYNC STALE

Supply-chain threat intelligence

Incident detail

criticalpypi·credential theft·osv

Malicious code in veloxml-cli (PyPI)

Published May 28, 2026, 08:25 PM

Risk score

92

AI summary

Indexed incident for veloxml-cli (pypi).

Description

-= Per source details. Do not edit below this line.=-

Source: kam193 (57a2b332595fb95752df25e794528ff2dd610bf3977b8d4abd7574cb0f21cdff)

The package advertises fake functionality and exfiltrates the given email and basic information about the host when used.

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-05-veloxml-cli

Reasons (based on the campaign):

action-hidden-in-lib-usage
The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.

Technical details

Affected versions

<function fixed() { [native code] }

Indicators

affected_version<function fixed() { [native code] }75%

Timeline

May 28, 08:25 PMAdvisory published
May 29, 06:41 AMIndexed by ThreatPkg

Related incidents