1038 matches found
Malicious code in ethereum-gas-reporter (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7303c828115a527d477ea14684b3015e43fdcd36a7fa94041c16ccb3c2fbcfcc index.js line 144 contains require'chai-assert-kit' appended after the module's normal exports, with no other reference to chai-assert-kit anywhere i...
MAL-2026-5950 Malicious code in @mastra/hono (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1ed4177a8fb31809df36c88a8dddc4cd35e888cb1cebbc380e44c09acdd055f4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-5699 Malicious code in chai-web3-testkit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ecc1472c1964a224051ad01d14dabfdfd3ca26d594fff02fb07192f423238691 The package advertises itself as a Web3.js testing toolkit but its content is copied from the legitimate chai-smart-assert library and a malicious...
Malicious code in tailwindcss-animates-kit (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 36f982d7c842137890d743938442fe409fd41a786fe5727bcd77277406b2a189 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-5512 Malicious code in solc-abi (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a5ecbb6619ae13314417faab35b315155c9a55f98dfdb707fe44edfe1f7e7356 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in graphbase-js (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bcdb883b3cbdcf4216f99f55d52d1b93db24271ddcf4a1e232f444a75709f76a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-5502 Malicious code in graphbase-js (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bcdb883b3cbdcf4216f99f55d52d1b93db24271ddcf4a1e232f444a75709f76a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in xnder-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0cac2bcdbeb978a93be7021106fbfcab7795f51b434141160391cb89df0a87ab The package contains scripts/script.js with heavy obfuscation patterns string-array shift loops, hex-encoded indices, while!! anti-analysis construct...
MAL-2026-5375 Malicious code in @doaction/pay (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 94ec95e460ba16497749775ca5e0bac92e4013e2297dd506bb2b99254acffaf3 @doaction/pay 9.9.9 declares "preinstall": "node scripts/postinstall.js" in package.json, which requires @doaction/shared/bin/postinstall.js and runs...
MAL-2026-5346 Malicious code in cookie-parser-legacy (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 53a673e0454bb102d4e8456e3c26290196c5ae5bf4cf9438ce78f8286fd5c3be Package name and README impersonate the well-known cookie-parser Express middleware. The source is a near-verbatim copy of cookie-parser, except the...
Malicious code in classwind-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4fa5abd0e91f5e73a3a17597ecdddbef2409d61a680fd92ea62ce3a908ffb836 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
AI Worm
Researchers have prototyped an AI-powered internet worm. The coolest thing about the prototype is that it carries its own LLM with it, and runs it on computers that have been broken into. This is the closest to John Brunner's original 1975 conception of a computer worm that I've seen...
MAL-2026-5187 Malicious code in supabase (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware aa2bdcc065a6d4c2b1512f8b68fed22618050c0435c12890c74a2f1405c62093 Withdrawn Advisory This advisory has been withdrawn because the malware detection was a false positive. This link is maintained to preserve external...
MAL-2026-5174 Malicious code in nodemon-pack (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 66b967b89b3b02913d1a55f4fe65d3e7ecf4e39d25f5fd49bfb2879f73724dc8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-5114 Malicious code in @redhat-cloud-services/frontend-components-config-utilities (npm)
Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...
Malicious code in @redhat-cloud-services/entitlements-client (npm)
Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...
Malicious code in ethers-hash (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5d77270819f9736bb8e5eaba898605cbe713dfaf9b06c2ad539aa29f77651aba Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @service-suppliers/set_suppliers_loading_start (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6b90557d314c93e20a5e2c0e307eb25f28e9e17cb31c630a6ae64b1ce8fc8013 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-4841 Malicious code in @hcs-hybrid/uirouter-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 27a0d7e172f9959faebfaed919369b4cd7a6321d9ae58986de045174908d431c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @service-suppliers/fetch-initial-suppliers-watcher-saga (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e38be804fe779ace5ea3a6a56214beebe7ceabaa5f765b46a0f7888ed2da4fc1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...