{"id":35987,"date":"2026-04-24T08:44:33","date_gmt":"2026-04-24T08:44:33","guid":{"rendered":"https:\/\/nsfocusglobal.com\/?p=35987"},"modified":"2026-04-24T08:45:16","modified_gmt":"2026-04-24T08:45:16","slug":"xinference-pypi-supply-chain-poisoning-warning","status":"publish","type":"post","link":"https:\/\/nsfocusglobal.com\/pt-br\/xinference-pypi-supply-chain-poisoning-warning\/","title":{"rendered":"Xinference PyPI Supply Chain Poisoning Warning"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">Overview<\/h2>\n\n\n\n<p>Recently, NSFOCUS CERT detected that Xinference had suffered supply chain poisoning in the PyPI repository. The attacker stole the PyPI publishing credentials of Xinference maintainers and released three consecutive malicious versions implanted with Trojans on April 22 (GMT+8). Once triggered by the user, the malicious code collects sensitive data such as cloud credentials, SSH keys, API tokens, database passwords, cryptocurrency wallets and environment variable configurations, then packages it and sends it to the attacker&#8217;s C2 server. The impact is wide, and affected users should investigate and apply protective measures as soon as possible.<\/p>\n\n\n\n<p>Xinference (Xorbits Inference) is an open source distributed AI model inference framework designed specifically for the deployment and management of language, speech recognition, and multimodal models. 
It is widely used in AI development, research, and private deployment of large models.<\/p>\n\n\n\n<p>Reference link: <a href=\"https:\/\/research.jfrog.com\/post\/xinference-compromise\">https:\/\/research.jfrog.com\/post\/xinference-compromise<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Scope of Impact<\/h2>\n\n\n\n<p><strong>Affected versions<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Xinference = 2.6.0<\/li>\n\n\n\n<li>Xinference = 2.6.1<\/li>\n\n\n\n<li>Xinference = 2.6.2<\/li>\n<\/ul>\n\n\n\n<p>Note: Xinference has been downloaded more than 680,000 times in total from the PyPI repository; users who have installed and used any of the above 3 malicious versions are affected.<\/p>\n\n\n\n<p><strong>Unaffected version<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Xinference &lt;= 2.5.0<\/li>\n<\/ul>\n\n\n\n<p>Note: Follow the official releases for updates. Download link: <a href=\"https:\/\/github.com\/xorbitsai\/inference\/releases\">https:\/\/github.com\/xorbitsai\/inference\/releases<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Event Analysis<\/h2>\n\n\n\n<p><strong>Event timeline<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>April 13, 2026: Xinference officially releases version 2.5.0<\/li>\n\n\n\n<li>April 22, 2026: Attackers release 3 malicious versions on PyPI, and users report suspicious behavior<\/li>\n\n\n\n<li>April 22, 2026: JFrog releases an analysis report; TeamPCP states that third parties are using its name to commit crimes<\/li>\n\n\n\n<li>April 23, 2026: NSFOCUS CERT issues an incident warning<\/li>\n<\/ul>\n\n\n\n<p>The supply chain poisoning of Xinference was presumably achieved by obtaining the PyPI publishing credentials of a Xinference maintainer; the attacker then implanted malicious code, encoded in multiple layers of Base64, in the project&#8217;s __init__.py module file. 
When the user installs the affected xinference library or executes import xinference, the Python interpreter loads __init__.py, where the malicious payload is automatically decoded and executed in memory. The decoded payload begins with the comment # hacked by teampcp, which may be related to the actor marker that appeared in the recent TeamPCP intrusion incident. However, TeamPCP denied, through its social media account, carrying out this attack and called it a deliberate imitation by a third party. After a user discovered abnormal behavior and asked about it in a GitHub issue on the project, Xinference maintainers confirmed the compromise and urgently removed the malicious versions.<\/p>\n\n\n\n<p><strong>Malicious version behavior<\/strong><\/p>\n\n\n\n<p>In all 3 malicious Xinference versions, __init__.py executes code when the package is imported into Python: it creates a variable named &#8220;test&#8221; and a base64-encoded payload, decodes the payload and passes it to subprocess.Popen for execution:<\/p>\n\n\n\n<p><strong>Stage 1<\/strong><\/p>\n\n\n\n<p>1. Create a temporary directory<\/p>\n\n\n\n<p>2. Decode the second-stage collector and spawn a separate child Python interpreter process<\/p>\n\n\n\n<p>3. Write the standard output of the child process to a temporary file and compress it into love.tar.gz<\/p>\n\n\n\n<p>4. Use the curl command with a custom HTTP header X-QT-SR: 14 to upload the collected data to the attacker&#8217;s server https:\/\/whereisitat.lucyatemysuperbox.space<\/p>\n\n\n\n<p>5. Perform exception handling, suppress stdout\/stderr and clean up temporary files to achieve concealment<\/p>\n\n\n\n<p><strong>Stage 2<\/strong><\/p>\n\n\n\n<p>1. Obtain the current user, device, IP address, network interface, environment variables and SSH key information of the target host<\/p>\n\n\n\n<p>2. Extract configuration files: .env, .npmrc\/.pypirc, AWS, Kubernetes, Google Cloud, Docker, database configuration<\/p>\n\n\n\n<p>3. 
Collect key credentials: SSH key, SSL certificate, Git credential, AWS\/Azure\/GCP cloud credential, Slack key, Discord key, database password<\/p>\n\n\n\n<p>4. Collect infrastructure configuration: Terraform, Helm, WireGuard<\/p>\n\n\n\n<p>5. Other information: shell history, cryptocurrency wallet, local account data<\/p>\n\n\n\n<p><strong>AWS-specific exploitation behavior<\/strong><\/p>\n\n\n\n<p>The malware actively probes the cloud metadata services 169.254.169.254\/169.254.170.2, retrieves IMDSv2 tokens and IAM role credentials, captures temporary cloud credentials and tries to call Secrets Manager and SSM to obtain sensitive information in the cloud environment.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img fetchpriority=\"high\" decoding=\"async\" width=\"1024\" height=\"479\" src=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2026\/04\/0424-1-1024x479.png\" alt=\"\" class=\"wp-image-35989\" srcset=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2026\/04\/0424-1-1024x479.png 1024w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2026\/04\/0424-1-300x140.png 300w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2026\/04\/0424-1-768x360.png 768w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2026\/04\/0424-1-1536x719.png 1536w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2026\/04\/0424-1-2048x959.png 2048w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2026\/04\/0424-1-600x281.png 600w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2026\/04\/0424-1-150x70.png 150w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n<\/div>\n\n\n<p class=\"has-text-align-center\">Trojan execution process (Source: ox.security)<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Risk Investigation<\/h2>\n\n\n\n<p>Affected users can investigate using the following steps:<\/p>\n\n\n\n<div class=\"wp-block-group\"><div class=\"wp-block-group__inner-container 
is-layout-constrained wp-block-group-is-layout-constrained\">\n<div class=\"wp-block-group has-cyan-bluish-gray-background-color has-background\"><div class=\"wp-block-group__inner-container is-layout-constrained wp-block-group-is-layout-constrained\">\n<p>1. Check the current Xinference version:<\/p>\n\n\n\n<p>pip show xinference | grep Version<\/p>\n\n\n\n<p>2. If it is a malicious version, immediately downgrade to the safe version:<\/p>\n\n\n\n<p>pip install xinference==2.5.0<\/p>\n<\/div><\/div>\n<\/div><\/div>\n\n\n\n<p>If it is confirmed that there are malicious packages in the environment, the infected assets should be taken offline immediately and the hosts should be physically or logically isolated.<\/p>\n\n\n\n<div class=\"wp-block-group\"><div class=\"wp-block-group__inner-container is-layout-constrained wp-block-group-is-layout-constrained\">\n<div class=\"wp-block-group has-cyan-bluish-gray-background-color has-background\"><div class=\"wp-block-group__inner-container is-layout-constrained wp-block-group-is-layout-constrained\">\n<p># Clean pip cache:<br>pip cache purge<\/p>\n\n\n\n<p># Check if there is any residue in the xinference directory under site-packages:<br>python -c &quot;import site; print(site.getsitepackages())&quot;<br>find &lt;the above site-packages path&gt; -path &quot;*xinference*&quot; 2&gt;\/dev\/null<\/p>\n\n\n\n<p>If residual files are found, the entire xinference directory and the associated egg-info need to be recursively deleted; at the same time, check whether the ~\/.xinference\/ configuration directory has been tampered with, clear its contents and reset its permissions. Finally, verify that there are no xinference entries in the pip list output. 
Running python -c &quot;import xinference&quot; should then report ImportError, which confirms complete removal.<\/p>\n<\/div><\/div>\n<\/div><\/div>\n\n\n\n<p>Check whether there are abnormal outbound connections or C2 communication traces, and whether requests to 169.254.169.254\/169.254.170.2 appear in the logs. Users can add the entry 127.0.0.1 whereisitat.lucyatemysuperbox.space to the hosts file to block the attacker&#8217;s malicious domain name.<\/p>\n\n\n\n<p>Review server login logs and sensitive files to check for abnormal logins and leftover backdoors:<\/p>\n\n\n\n<div class=\"wp-block-group has-cyan-bluish-gray-background-color has-background\"><div class=\"wp-block-group__inner-container is-layout-constrained wp-block-group-is-layout-constrained\">\n<p># Check whether the SSH key has been accessed or modified abnormally:<br>ls -la ~\/.ssh\/id_rsa ~\/.ssh\/authorized_keys 2>\/dev\/null<br><br># Check whether there are abnormal curl\/wget\/base64 decoding commands in the shell history:<br>grep -E &quot;curl|wget|base64&quot; ~\/.bash_history ~\/.zsh_history 2>\/dev\/null<br><br># Check whether there is sensitive information in the environment variables:<br>env | grep -E &quot;SECRET|TOKEN|PASSWORD|KEY&quot;<\/p>\n<\/div><\/div>\n\n\n\n<h2 class=\"wp-block-heading\">Summary and Recommendations<\/h2>\n\n\n\n<p>This incident has once again sounded the alarm for security in the AI ecosystem and open source community. Supply chain security is no longer just an option for traditional development, but has gradually become core infrastructure of the AI era. All organizations must establish a regular open source component security audit mechanism and build a complete supply chain security governance system to prevent such threats.<\/p>\n\n\n\n<p>It is recommended that affected users take the following measures:<\/p>\n\n\n\n<p>1. 
Revoke and rotate all SSH keys, cloud service certificates, API Keys, certificate keys, k8s tokens, database passwords, cryptocurrency wallets and other credentials;<\/p>\n\n\n\n<p>2. Block and investigate malicious IoCs;<\/p>\n\n\n\n<p>3. Enable two-factor authentication for accounts on platforms such as PyPI and GitHub and rotate secrets regularly;<\/p>\n\n\n\n<p>4. Build an internal private PyPI image, scan it securely to verify the signature before synchronizing;<\/p>\n\n\n\n<p>5. Establish a normalized open source component security audit mechanism and increase multiple approval processes before release;<\/p>\n\n\n\n<p>6. Subscribe to PyPI security alerts, GitHub Security Advisories, etc. for supply chain monitoring.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">IOCs<\/h2>\n\n\n\n<p><strong>Malicious files<\/strong><strong><\/strong><\/p>\n\n\n\n<p>File name: xinference-2.6.0.tar.gz<\/p>\n\n\n\n<p>MD5:971670c10eff28339a085ca50a600e35<\/p>\n\n\n\n<p>File name: xinference-2.6.0-py3-none-any.whl<\/p>\n\n\n\n<p>MD5:3ee893ae46530b92e0d26435fb979d82<\/p>\n\n\n\n<p>File name: xinference-2.6.1.tar.gz<\/p>\n\n\n\n<p>MD5:9b3257e45b27a6bbe4e240e41a3a306f<\/p>\n\n\n\n<p>File name: xinference-2.6.1-py3-none-any.whl<\/p>\n\n\n\n<p>MD5:e291734d46c313a23d676681499f8846<\/p>\n\n\n\n<p>File name: xinference-2.6.2.tar.gz<\/p>\n\n\n\n<p>MD5:484067fd6232f7cdd7b664b33857fc2c<\/p>\n\n\n\n<p>File name: xinference-2.6.2-py3-none-any.whl<\/p>\n\n\n\n<p>MD5:c6ce4e25f7fe3e3bb1eea2e9052483bf<\/p>\n\n\n\n<p>File name: xinference\/__init__.py<\/p>\n\n\n\n<p>SHA256: e1e007ce4eab7774785617179d1c01a9381ae83abfd431aae8dba6f82d3ac127<\/p>\n\n\n\n<p>After one decoding SHA256: 077d49fa708f498969d7cdffe701eb64675baaa4968ded9bd97a4936dd56c21c<\/p>\n\n\n\n<p>SHA256 after secondary decoding: fe17e2ea4012d07d90ecb7793c1b0593a6138d25a393192263e751660ec3cd0<\/p>\n\n\n\n<p>Temporary archive file: love.tar.gz<\/p>\n\n\n\n<p>Text tag string: #hacked by teampcp<\/p>\n\n\n\n<p><strong>Malicious domain 
name<\/strong><\/p>\n\n\n\n<p>whereisitat.lucyatemysuperbox.space<\/p>\n\n\n\n<p><strong>Malicious URL<\/strong><\/p>\n\n\n\n<p>hxxps:\/\/whereisitat.lucyatemysuperbox.space<\/p>\n\n\n\n<p><strong>Others<\/strong><\/p>\n\n\n\n<p>HTTP header: X-QT-SR: 14<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Statement<\/h2>\n\n\n\n<p>This advisory is only used to describe a potential risk. NSFOCUS does not provide any commitment or promise on this advisory. NSFOCUS and the author will not bear any liability for any direct and\/or indirect consequences and losses caused by transmitting and\/or using this advisory. NSFOCUS reserves all the rights to modify and interpret this advisory. Please include this statement paragraph when reproducing or transferring this advisory. Do not modify this advisory, add\/delete any information to\/from it, or use this advisory for commercial purposes without permission from NSFOCUS.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Overview Recently, NSFOCUS CERT detected that Xinference had suffered supply chain poisoning in its PyPI warehouse. The attacker stole the PyPI release permission credentials of Xinference maintainers and released three consecutive malicious versions implanted with Trojans on April 22, GMT+8. When triggered by the user, it will collect cloud credentials, SSH keys, API tokens, Sensitive [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":28664,"comment_status":"open","ping_status":"open","sticky":false,"template":"post-templates\/single-layout-8.php","format":"standard","meta":{"_acf_changed":false,"_coblocks_attr":"","_coblocks_dimensions":"","_coblocks_responsive_height":"","_coblocks_accordion_ie_support":"","footnotes":""},"categories":[3,6],"tags":[2159,918,2160,2161,2162],"class_list":["post-35987","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","category-emergency-response","tag-pypi","tag-supply-chain","tag-supply-chain-poisoning","tag-xinference","tag-xorbits-inference"],"acf":[],"_links":{"self":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/posts\/35987","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/comments?post=35987"}],"version-history":[{"count":2,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/posts\/35987\/revisions"}],"predecessor-version":[{"id":35992,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/posts\/35987\/revisions\/35992"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/media\/28664"}],"wp:attachment":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/media?parent=35987"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/categories?post=35987"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/tags?post=35987"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}