medium · tech · Disclosed Apr 27, 2026

PyPI package with 1.1M monthly downloads

An attacker pushed a malicious version of the popular elementary-data package Python Package Index (PyPI) to steal sensitive developer data and cryptocurrency wallets. [...]

Original Disclosure

https://www.bleepingcomputer.com/news/security/pypi-package…

Read original

Severity

medium

Sector

tech

Disclosure date

April 27, 2026

Indexed

13 hours, 41 minutes ago

Check Your Exposure → Browse All Breaches View Live Map