Cybersecurity analysts have identified a harmful package within the Python Package Index (PyPI) repository that can extract sensitive information related to developers, including credentials, configuration details, and environment variables, among other data. The package, referred to as chimera-sandbox-extensions, garnered 143 downloads and is likely aimed at individuals utilizing a service named Chimera Sandbox.