Threats Tagged 'cloud exploitation'
View all threats tagged with 'cloud exploitation'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'cloud exploitation'
Click on any threat for detailed analysis and mitigation recommendations
Supply Chain Poisoning via PyPI Repository Compromise 0 Xinference, an open-source distributed AI model inference framework, suffered a supply chain attack when attackers compromised PyPI release credentials of maintainers and published three malicious versions (2.6.0, 2.6.1, 2.6.2) on April 22, 2026. The malicious code, encoded in Base64 layers within __init__.py, executes automatically upon library installation or import, collecting cloud credentials, SSH keys, API tokens, database passwords, cryptocurrency wallets, and environment variables. The payload specifically targets AWS environments through metadata service exploitation and uploads stolen data to attacker-controlled infrastructure. The attack affects users who downloaded these versions from PyPI, which has over 680,000 total downloads. Attribution remains unclear as TeamPCP's name appears in the code but the group denies involvement, suggesting third-party impersonation. Join the discussion | AlienVault OTX General | 04/27/2026, 11:40:56 UTC Added: 04/27/2026, 12:00:05 UTC |
Showing 1 to 1 of 1 result