4 matches found
Malicious code in leo-auth (npm)
The leo-auth npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the LeoPlatform...
Malicious code in @antv/async-hook (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
MAL-2026-4033 Malicious code in @antv/l7 (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
FileCodeBox 安全漏洞
FileCodeBox is a file courier locker for vastsa personal developers. Files can be shared with an anonymous password. A security vulnerability exists in FileCodeBox version 2.0 that stems from allowing OneDrive passwords and AWS keys to be stored in plaintext environment files...