uitil

MAL-2026-1036

PyPItyposquat1/16/2026

Description

Malicious code in uitil (PyPI)

Indicators of Compromise

SHA256 Hashes (2)

ff0b75197d8e7cd361d61461260811fba8920c54b8538cb5f21ec2fc1c885ec3

243b442528547767d2f56c9ced8cb1b6791997d176602ecc4725194f684fdb05

Domains (1)

or-6.github.io

References (3)

https://github.com/OR-6/PassCheck/blob/main/main.py#L190OSV https://github.com/OR-6/PassCheck/blob/b09b3f1ec5d7345c614b1d956840ee2774f7131b/demo.pngOSV https://bad-packages.kam193.eu/pypi/package/uitilOSV

Details

EcosystemPyPI

Attack Typetyposquat

Published1/16/2026

Quick Actions

All Incidents PyPI Incidents

Agentic AI · Pentesting

Ready for Agentic Automated Testing?

Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.

Zero false positives

PoC for every finding

30+ tools orchestrated

Book a Demo Learn More

Setup in 5 minutesSOC 2 & ISO 27001