2051 matches found
MAL-2026-1972 Malicious code in wildhunter (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fd5020979c3e9df261b6bb1525d91874b0c3dd993d6007d1f5f3fe40293a9a6c The package wildhunter was found to contain malicious code. Source: ghsa-malware ef86dd0267c3525fb9b185c8193ead59125fee1e3e962e357ac027f43dfc74cf Any...
MAL-2026-1926 Malicious code in tokenshower (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e31db2e66d226160d10fe5f31a29d7b95cba1d0751cc575c0cf6130679170c7a The package tokenshower was found to contain malicious code. Source: ghsa-malware f9fdcfed91dfe75ee3b371ba973a183f42ff3085a29be233f33b5e34249d18cf An...
MAL-2026-1475 Malicious code in delta666 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fb8eaa59df9b36fbda7fdbb9f429aa77b3dd4ce913b22d3e1f7991750136306a The package delta666 was found to contain malicious code. Source: ghsa-malware ed1b6c9a5c4e82e4f1f205e90a5ac9c271dccbf998e06ed81199102594e23d0f Any...
Malicious code in omhcsilence-bails (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9f5390575abcab0cfc57edaae4aa14d27eab897c1639fab8a502fcda0760adc3 The package omhcsilence-bails was found to contain malicious code. Source: ghsa-malware...
Malicious code in @vtim/xss-poc (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 947e0af0661087703ab13fc4220ceff05dafffb94addd8243f90a86929beaf3c The package @vtim/xss-poc was found to contain malicious code. Source: ghsa-malware 20e54e730a6708f44f0828a03bf7ac5c9fb2c88074659d45570d90af289eca84...
MAL-2026-1449 Malicious code in vtimmmmmm-test (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5f98c647bcb6a277d8ef94407b1287e79a9840e0956aa955ff01ea19778219c7 The package vtimmmmmm-test was found to contain malicious code. Source: ghsa-malware 7f04d92a8262ba75c225fb58633a5dfbe7c1d4a750b88f634dde448a81e13b63...
Malicious code in @storylane/shared-packages (npm)
The package '@storylane/shared-packages' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
Malicious code in syntax-do-expressions (npm)
The package 'syntax-do-expressions' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
Malicious code in typescript-vue-apollo-smart-ops (npm)
The package 'typescript-vue-apollo-smart-ops' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
MAL-2026-1525 Malicious code in peer-deps-external (npm)
The package 'peer-deps-external' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
MAL-2026-1572 Malicious code in transform-new-target (npm)
The package 'transform-new-target' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
MAL-2026-1553 Malicious code in typescript-react-query (npm)
The package 'typescript-react-query' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
MAL-2026-1501 Malicious code in @storylane/uikit (npm)
The package '@storylane/uikit' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
MAL-2026-1551 Malicious code in syntax-function-bind (npm)
The package 'syntax-function-bind' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
MAL-2026-1563 Malicious code in transform-es2015-shorthand-properties (npm)
The package 'transform-es2015-shorthand-properties' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2...
MAL-2026-1538 Malicious code in vue-scoped-css (npm)
The package 'vue-scoped-css' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server npm.jpartifacts.co...
MAL-2026-1517 Malicious code in filenames-simple (npm)
The package 'filenames-simple' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
MAL-2026-1561 Malicious code in transform-es2015-duplicate-keys (npm)
The package 'transform-es2015-duplicate-keys' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
MAL-2026-1400 Malicious code in solana-pumpfun-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 25b5c167c097f41d490f55b16ad2263c163b7afb898528dafb13a74f513b9181 The package solana-pumpfun-sdk was found to contain malicious code. Source: ghsa-malware...
MAL-2026-1399 Malicious code in pino-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 472c700cdf139a1d7d1df4de30c13fcc5b6a3dcbf684324d9b7e9b3b9c43cc52 The package pino-sdk was found to contain malicious code. Source: ghsa-malware f682f709d89d5225b0a58afb163385a649ad8f5be7e56f7811bd30876fd7bd3b Any...