JFrog Security's research team has identified and reported 11 new malicious packages in the Python Package Index (PyPI) that use advanced evasion techniques to avoid detection and compromise developers' systems. The malware abuses content delivery networks (CDNs) such as Fastly for data exfiltration, uses DNS tunneling to communicate with command-and-control (C2) servers, and employs frameworks such as TrevorC2 to mimic legitimate web traffic. Additionally, some packages target Discord users by stealing authentication tokens through dependency confusion attacks. The report highlights the increasing sophistication of these malicious packages, which aim to remain undetected and conduct reconnaissance for potential future attacks rather than execute immediately harmful payloads. JFrog emphasizes the importance of continuous monitoring and automated security scanning to mitigate these emerging threats while supporting legitimate bug-bounty efforts that identify supply chain vulnerabilities.