Trojanized PyPI Package Steals Claude Prompts
A malicious PyPI package named hermes-px masqueraded as a "Secure AI Inference Proxy" while stealing user prompts from Claude and abusing a private university. The title and description do not provide details on scope, timeline, methods, affected users, or remediation.
Scoring Rationale
Security-relevant incident: a trojanized PyPI package stole Claude prompts and abused a university, posing risks to prompt confidentiality and dependency trust. The title/description lack details on scale, timeline, affected parties, and technical methods, so assessment is limited.
Practice interview problems based on real data
1,500+ SQL & Python problems across 15 industry datasets — the exact type of data you work with.
Try 250 free problemsStep-by-step roadmaps from zero to job-ready — curated courses, salary data, and the exact learning order that gets you hired.
Sources
- Read Original?Trojanized PyPI AI Proxy Steals Claude Prompt, Exfiltrates Data