Malicious PyPI and npm Packages Discovered Exploiting Dependencies in Supply Chain Attacks
18 August 2025
Cybersecurity researchers have discovered a malicious package in the Python Package Index (PyPI) repository that introduces its malicious behavior through a dependency, allowing it to establish persistence and achieve code execution.
The package, named termncolor, realizes its nefarious functionality through a dependency package called colorinal by means of a multi-stage malware operation, Zscaler