← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Malicious PyPI and npm Packages Exploits Dependencies in Supply Chain Attacks
WHITE cryptocti 2025-08-18 Modified: 2025-09-17
13
IOCs
MEDIUM VOLUME
A malicious PyPI package named termncolor was discovered which introduces persistence and remote code execution via its dependency colorinal.
urlshashes sha256
Indicators of Compromise (1 / 13 total)
All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL hostname
TYPEINDICATORDESCRIPTIONCREATED
FileHash-MD5 d4687158da8a5a604baae2208467480f MD5 of af46c7917f04a9039eb0b439a7615ec07b7ad88048cb24fe23c454c16dffcd57 2025-08-18