dotenv-sync

MAL-2026-6082

PyPImalware6/17/2026

Description

Malicious code in dotenv-sync (PyPI)

Indicators of Compromise

SHA256 Hashes (1)

8fa0ec08d0cd452a37bf602615f61dfbbdab27d55180f1e09f53a218b18673f5

References (4)

https://www.virustotal.com/gui/file/b1aace6c70312a39ca39e6bba1d9abc6aaf9b23171089b1a548adc89f67f83c3/detectionOSV https://www.virustotal.com/gui/file/7b58136e8884b65ca9a62dc9b2698dc0904b06dbb772d96ad3c3d31934dc6865/detectionOSV https://hybrid-analysis.com/sample/b1aace6c70312a39ca39e6bba1d9abc6aaf9b23171089b1a548adc89f67f83c3OSV https://bad-packages.kam193.eu/pypi/package/dotenv-syncOSV

Details

EcosystemPyPI

Attack Typemalware

Published6/17/2026

Quick Actions

All Incidents PyPI Incidents

Agentic AI · Pentesting

Ready for Agentic Automated Testing?

Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.

Zero false positives

PoC for every finding

30+ tools orchestrated

Book a Demo Learn More

Setup in 5 minutesSOC 2 & ISO 27001