Malicious Passlib Python Package Forces Windows Shutdowns With Invalid Inputs

A destructive Python package masquerading as a legitimate password security library has emerged on the Python Package Index (PyPI), targeting Windows developers with immediate system shutdowns upon incorrect password entries. The malicious package, named “psslib,” represents a sophisticated typosquatting attack against the widely used “passlib” library, which receives over 8.9 million monthly downloads from developers implementing secure authentication systems. Published by the threat actor identified as “umaraq,” the package falsely advertises itself as a security solution that will “secure your Python program” while containing destructive code designed to cause immediate system damage.

The attack specifically targets Windows development environments, where Python developers commonly possess the elevated system privileges necessary for automation and application development tasks. When these developers integrate the malicious package into their workflows, the destructive payload gains the system-level access required to execute immediate shutdown commands, potentially causing data loss and workflow disruption across development teams.

The psslib package implements its destructive payload through deceptively simple Python functions that leverage the easygui library for user interaction and the os module for system commands. The “src()” function enables direct system shutdown without any authentication requirements, while the “error()” function combines error message display with forced shutdown execution. These multiple attack vectors ensure the malicious payload can execute regardless of how developers integrate the package into their applications, maximizing the potential for system disruption across various implementation scenarios.

Socket.dev researchers identified the malicious package through their AI-powered scanning systems, which flagged the destructive system shutdown behavior as anomalous for a purported security library. The package remains active on PyPI despite formal petitions for its removal, continuing to pose risks to unsuspecting developers who may accidentally install the typosquatted version during routine dependency management.
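
A defender-side check for the name confusion described above, as an added example that is not code from the article or from Socket: it scans requirements-style text for names within one edit of a dependency the project actually intends to use. The allowlist, the sample file and all function names are assumptions made for illustration.

```python
import re

# Assumption: the names this project really intends to depend on (constructed allowlist).
KNOWN_GOOD = {"passlib", "requests", "easygui", "cryptography"}

def normalize(name):
    """PEP 503 normalization: lowercase, runs of '-', '_', '.' collapse to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def edit_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute, adjacent swap."""
    rows, cols = len(a) + 1, len(b) + 1
    d = [[i + j if i == 0 or j == 0 else 0 for j in range(cols)] for i in range(rows)]
    for i in range(1, rows):
        for j in range(1, cols):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # swapped neighbours
    return d[-1][-1]

def requirement_names(text):
    """Yield normalized package names, skipping comments, blanks and pip options."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("-"):
            continue
        m = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", line)
        if m:
            yield normalize(m.group(0))

def find_typosquats(text, known=KNOWN_GOOD, max_distance=1):
    """Return (listed_name, lookalike_of) for names near, but not in, the allowlist."""
    known = {normalize(k) for k in known}
    return [(name, good)
            for name in requirement_names(text) if name not in known
            for good in sorted(known) if edit_distance(name, good) <= max_distance]

# Constructed sample input; "psslib" is the typosquat named in the article.
SAMPLE = """\
requests
psslib            # meant: passlib
easygui
reqeusts
"""

if __name__ == "__main__":
    for name, good in find_typosquats(SAMPLE):
        print(f"suspicious: {name!r} looks like {good!r}")
```

Run in CI before `pip install`, a non-empty result can fail the build so that a one-character slip is caught before the package is ever fetched.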

This Cyber News was published on cybersecuritynews.com. Publication date: Fri, 27 Jun 2025 12:00:11 +0000

