Malicious code in chandan-module-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a9b92ee71a8547073a6d21685e6190b1769e93db8cbf2be1a57e7e14e8d0d075 The package chandan-module-test was found to contain malicious code. Source: ossf-package-analysis...

MAL-2026-2921 Malicious code in chandan-module-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a9b92ee71a8547073a6d21685e6190b1769e93db8cbf2be1a57e7e14e8d0d075 The package chandan-module-test was found to contain malicious code. Source: ossf-package-analysis...

MAL-2026-2927 Malicious code in pa-marked (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3e01d64e50dea2a8be10707dbd49869a6bcea570bf26829a1738ca2237882249 The package pa-marked was found to contain malicious code. Source: ossf-package-analysis...

CVE-2026-6570

creationtimestamp| type| source ---|---|--- 2026-04-19 12:00:30+00:00| seen| https://infosec.exchange/users/offseq/statuses/116431259439926433 2026-04-19 12:00:31+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mjtvqumily26 2026-04-19 13:47:53+00:00| seen|...

MAL-2026-2861 Malicious code in vinext-monorepo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b5c7279d5c84c989a0deef7944c5d1d22b89651bdc01da8fc5144622a8fc74cb The package vinext-monorepo was found to contain malicious code. Source: ossf-package-analysis...

MAL-2026-2857 Malicious code in @shoobx/types (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 89c007db99335df1e518ef5f3fc4acc2c7d18c0ca6ba9496a93c6cd688e6ffb3 The package @shoobx/types was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in react-resource-router-next (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 74666c1336dafeaefaa96b6bf71ae8a216aa4eaded1151bbd390c0cb913d1697 The package react-resource-router-next was found to contain malicious code. Source: ossf-package-analysis...

MAL-2026-2855 Malicious code in react-resource-router-next (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 74666c1336dafeaefaa96b6bf71ae8a216aa4eaded1151bbd390c0cb913d1697 The package react-resource-router-next was found to contain malicious code. Source: ossf-package-analysis...

PT-2026-33606

Some increased actor activities are shown targeting rust-coreutils CVE-2026-6435 https://t.co/IPnkuw7pJ4...

Malicious code in ing-web-v5 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f32dd0f0eff32e970526305378a6623e9af62ab133ddcf04a21aa92f1eb95f26 The package ing-web-v5 was found to contain malicious code. Source: ossf-package-analysis...

[SECURITY] Fedora 44 Update: plasma-activities-stats-6.6.4-1.fc44

Library to access the usage statistics data collected by the KDE activity man ager...

MAL-2026-2696 Malicious code in bfx-hf-strategy-perf (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aac057221646f5043eab6606ba990a3a112afc149c583347e40321643deab7ba The package bfx-hf-strategy-perf was found to contain malicious code. Source: ossf-package-analysis...

MAL-2026-2685 Malicious code in react-dom-19 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1e6b5a54efd0bd62412ae002a01495b83a035014f59692e4e942aeaf9fd70d0d The package react-dom-19 was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in @athena-ui-components/deeplink (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f74fbec503fca2e61a016a70e66269c234d5329e19a1072a7f777c59fc4d466c The package @athena-ui-components/deeplink was found to contain malicious code. Source: ossf-package-analysis...

Active HanGhost Loader Campaign Targets Enterprise Payment and Logistics Workflows

Active HanGhost Loader campaign targets enterprise payment and logistics workflows with fileless attacks, multi-stage execution, and stealthy malware delivery...

WordPress plugin ProfilePress 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

Malicious code in ckeditor5-minimap (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f65f71fdee0224ec38d03c631d1df1a8454347b6d82cfda912b11d387052898c The package ckeditor5-minimap was found to contain malicious code. Source: ossf-package-analysis...

PSF-2026-19

The "profiling.sampling" module Python 3.15+ and "asyncio introspection capabilities" 3.14+, "python -m asyncio ps" and "python -m asyncio pstree" features could be used to read and write addresses in a privileged process if that process connected to a malicious or "infected" Python process via t...

MAL-2026-2629 Malicious code in stacks-editor (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 15f50509d5d9110a7233db4ed683100cc33c07a09055d93d32ed8f057a34ae3f The package stacks-editor was found to contain malicious code. Source: ossf-package-analysis...

CVE-2026-36942

Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL injection in the file /orms/admin/activities/manageactivity.php...