[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fqHESF67yheyvq4SBzEMgzM3MyHDhcgwI5SzGlsEzua8":3},{"article":4,"iocs":48},{"id":5,"title":6,"slug":7,"summary":8,"ai_summary":9,"brief":10,"full_text":11,"url":12,"image_url":13,"published_at":14,"ingested_at":15,"relevance_score":16,"entities":17,"category_id":26,"category":27,"article_tags":30},"ddd169db-c24f-4472-8663-50c87d39becd","Our Artifact Scanner flagged \"pylogxo\", a PyPI typosquat of \"pylogx\" dropping Sirkeira Stealer fr...","our-artifact-scanner-flagged-pylogxo-a-pypi-typosquat-of-pylogx-dropping-sirkeir-e3d418","Our Artifact Scanner flagged \"pylogxo\", a PyPI typosquat of \"pylogx\" dropping Sirkeira Stealer from 69[.]164[.]245[.]166 to harvest browser credentials, Discord, Roblox data & more.\n\nPackage has been removed from PyPI but the payload is still live.\n\npylogxo: https:\u002F\u002Ft.co\u002FiQ62WG6wbI","A malicious Python package named 'pylogxo' was discovered on PyPI, acting as a typosquat for the legitimate package 'pylogx'. This malicious package was designed to download and execute the Sirkeira Stealer, which aimed to harvest sensitive data including browser credentials, Discord tokens, and Roblox account information. Although the package has been removed from PyPI, the associated payload remains active.","PyPI typosquat 'pylogxo' dropped Sirkeira Stealer to harvest credentials.",null,"https:\u002F\u002Fx.com\u002Fnextronresearch\u002Fstatus\u002F2065351311403475258","https:\u002F\u002Fpbs.twimg.com\u002Fmedia\u002FHKmZmZsXgAAFtJU.jpg","2026-06-12T08:31:39+00:00","2026-06-12T09:00:11.070846+00:00",8,[18,21,23],{"name":19,"type":20},"pylogxo","product",{"name":22,"type":20},"pylogx",{"name":24,"type":25},"PyPI","technology","89f78b1c-3503-45a1-9fc7-e23d2ce1c6d5",{"id":26,"icon":11,"name":28,"slug":29},"Malware","malware",[31,36,38,43],{"category":32},{"id":33,"icon":11,"name":34,"slug":35},"26b0b636-0e31-4db1-bffb-61bdf9f20a58","Supply Chain","supply-chain",{"category":37},{"id":26,"icon":11,"name":28,"slug":29},{"category":39},{"id":40,"icon":11,"name":41,"slug":42},"ade75414-7914-4e23-a450-48b64546ee70","Open Source","open-source",{"category":44},{"id":45,"icon":11,"name":46,"slug":47},"e7b231c8-5f79-4465-8d38-1ef13aea5a14","Threat Intelligence","threat-intelligence",[49,53],{"type":50,"value":51,"context":52},"domain","69.164.245.166","IP address used by the malicious package to download the stealer payload.",{"type":29,"value":54,"context":55},"Sirkeira Stealer","Name of the stealer malware dropped by the typosquat package."]