hwpxkit added to PyPI

June 7, 2026 • Source: NewsAPI.org • 59 words, ~1 min read

An attacker published 'hwpxkit', a Python package on PyPI, claiming it provides bindings for HWP/HWPX document parsing but may contain malicious code. The package could affect users who install it via pip, potentially leading to remote code execution (RCE) or data exfiltration. No CVE ID has been assigned yet, but the package's malicious nature is confirmed by community reports.

This article is best viewed with JavaScript enabled. Visit: https://10alert.com/article/hwpxkit-added-to-pypi-08e1b875