A malicious Python package has been discovered on PyPI that disguises itself as a privacy-focused AI inference tool while quietly stealing sensitive user data in the background. Named hermes-px, the package marketed itself as a “Secure AI Inference Proxy” that routes all AI requests through the Tor network to protect user anonymity. In reality, it hijacked […] The post Trojanized PyPI AI Proxy Uses Stolen Claude Prompt to Exfiltrates Data appeared first on Cyber Security News.