Malicious PyPI package enables Claude prompt, data compromise

SCM feed for Latest
Actively Exploited

Overview

A malicious package named 'hermes-px' has been found on PyPI, posing as an AI inference proxy tool compatible with OpenAI. This package was used by attackers to compromise the internal AI endpoint of a Tunisian university. Once inside, they were able to exfiltrate sensitive data, including prompts and conversations from Anthropic's Claude AI. This incident raises concerns about the security of third-party packages and the potential for serious data breaches if similar tactics are employed elsewhere. Users and developers need to be vigilant about the origins of the code they use to avoid falling victim to such attacks.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: PyPI, hermes-px package, Anthropic Claude AI
  • Action Required: Users should avoid using unverified packages, conduct thorough code reviews, and implement security measures to monitor for unauthorized data access.
  • Timeline: Newly disclosed

Original Article Summary

GBHackers News reports that threat actors have been distributing the illicit PyPI package 'hermes-px' under the guise of an OpenAI-compatible secure AI inference proxy tool to take over a Tunisian university's internal AI endpoint and exfiltrate Anthropic Claude Code prompts and conversations.

Impact

PyPI, hermes-px package, Anthropic Claude AI

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Newly disclosed

Remediation

Users should avoid using unverified packages, conduct thorough code reviews, and implement security measures to monitor for unauthorized data access.
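
An added example, not part of the original article: a check for the 'hermes-px' name in a requirements file and in the distributions installed in the current Python environment, using PEP 503 name normalization so that case and separator variants are also caught. The sample requirements text, DENYLIST and the function names are constructed for illustration.

```python
import re
from importlib import metadata

# Package name reported on this page; extend with other names you track.
DENYLIST = {"hermes-px"}

# Constructed sample input, not taken from any real project.
SAMPLE_REQUIREMENTS = """\
requests>=2.31
Hermes_PX            # constructed: case/underscore variant
openai
hermes.px[proxy]     # constructed: dot variant with an extra
hermes-pxy           # different project name, must not match
# hermes-px mentioned only in a comment
--index-url https://pypi.org/simple
"""

def normalize(name):
    """PEP 503 normalization: Hermes_PX, hermes.px and hermes-px are one project."""
    return re.sub(r"[-_.]+", "-", name).lower()

def scan_requirements(text):
    """Return (line_number, requirement) for entries whose project name is denylisted."""
    hits = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        # Only a leading project name matches; option lines (--index-url) do not.
        m = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", line)
        if m and normalize(m.group(0)) in DENYLIST:
            hits.append((lineno, line))
    return hits

def scan_installed():
    """Return (name, version) for denylisted distributions in this environment."""
    hits = []
    for dist in metadata.distributions():
        meta = dist.metadata
        name = meta.get("Name") if meta is not None else None
        if name and normalize(name) in DENYLIST:
            hits.append((name, dist.version))
    return hits

if __name__ == "__main__":
    for lineno, req in scan_requirements(SAMPLE_REQUIREMENTS):
        print(f"requirements line {lineno}: {req}")
    for name, version in scan_installed():
        print(f"installed: {name} {version}")
```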

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Data Breach, Malware.
