marshmellow

MAL-2026-864

PyPItyposquat2/12/2026
Description

Malicious code in marshmellow (PyPI)

Indicators of Compromise
SHA256 Hashes (3)
dbf6f50353e6489a831a2575831b93fd5f99a9cbd60cc30260fd13838beda73f
385a79bb53771282b64601f5a3b17f0d7a3d735efbf863584f0dd2755bc2bf08
f4aaf04cc47fc8c3690dc509c889e05ca1a17673a00bf32579c76b629c6b58c5
References (1)
https://bad-packages.kam193.eu/pypi/package/marshmellowOSV
Details
EcosystemPyPI
Attack Typetyposquat
Published2/12/2026
Quick Actions
All IncidentsPyPI Incidents
Agentic AI · Pentesting

Ready for Agentic Automated Testing?

Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.

Zero false positives
PoC for every finding
30+ tools orchestrated
Book a DemoLearn More
Setup in 5 minutesSOC 2 & ISO 27001