Operation Navy Ghost is targeting Python developers who build Telegram bots by hiding backdoors inside trojanized Pyrogram forks uploaded to PyPI. The campaign has been active since November 2025, ...
Attackers can inject indirect prompts in normal-looking repositories to trick Claude Code into spawning a reverse shell.
The Python workload includes an optional “Python X (64-bit)” component that invokes the official CPython Windows installer (an .exe that chains MSIs). If the CPython installer returns a non-zero exit ...