Supply-chain threat intelligence
Risk score
92
Indexed incident for paysafe-sdk (pypi).
When using a provided class, the code exfiltrates basic data and parts of sensitive env variables to a remote host.
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2026-07-paysafe-api
Reasons (based on the campaign):
exfiltration-env-variables
dependency-confusion
action-hidden-in-lib-usage
The package contains code to detect if it is running in a sandbox environment.
obfuscation
Affected versions
Indicators
Timeline