If you're still using the SH Decorator (ssh-decorate) module in your projects, the last safe version was 0.27. Versions 0.28 through 0.31 were deemed malicious.

Stealing SSH and GPG keys. According to Martini, the malicious code was present only in the jeIlyfish library. The python3-dateutil package didn't contain malicious code of its own, but it did ...

Crooks are apparently using brute-force attacks against Linux systems that feature exposed SSH ports. If they guess the password, they use Python scripts to install a Monero miner.

The Bless SSH Certificate Authority to protect SSH resources. Repokid allows Python to be used to help with IAM (Identity and Access Management) permission tuning.