Malicious code in instructor-mcp (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d22e882ab0d869a60fcff314b04f0534f3622d7719ed3a9101d55bb6c81dcbc9 Versions 1.15.2, 1.15.3 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code execute...

Malicious code in nucbox (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e98ac1a9b5840905b608a09e8e66c73b750c0baa17d6b7789adfc94a8fd815e4 Versions 0.1.2, 0.1.3 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed...

Malicious code in coolbox (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 5c2dc2f03691017c67f2ef9805c4974416d935298b4748b033bfb7f487ede251 Versions 0.4.1, 0.4.2 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code linked to the "Miasma" supply chain attack targeting the @redhat-cloud-services npm namespace. A malicious actor compromised the publication pipeline and published versions containing malicious code that includes...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code linked to the "Miasma" supply chain attack targeting the @redhat-cloud-services npm namespace. A malicious actor compromised the publication pipeline and published versions containing malicious code that includes...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code linked to the "Miasma" supply chain attack targeting the @redhat-cloud-services npm namespace. A malicious actor compromised the publication pipeline and published versions containing malicious code that includes...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code linked to the "Miasma" supply chain attack targeting the @redhat-cloud-services npm namespace. A malicious actor compromised the publication pipeline and published versions containing malicious code that includes...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code linked to the "Miasma" supply chain attack targeting the @redhat-cloud-services npm namespace. A malicious actor compromised the publication pipeline and published versions containing malicious code that includes...

Malicious code in durabletask (PyPI)

1.4.1, 1.4.2, and 1.4.3 of durabletask were compromised via a PyPI maintainer account takeover. All three malicious versions were published on 2026-05-19 within a 35-minute window 16:19–16:54 UTC. Pin to =1.4.0. Attack chain - Stage 1 — Import-time dropper: on import, the package fetches a...

MAL-2026-4174 Malicious code in durabletask (PyPI)

1.4.1, 1.4.2, and 1.4.3 of durabletask were compromised via a PyPI maintainer account takeover. All three malicious versions were published on 2026-05-19 within a 35-minute window 16:19–16:54 UTC. Pin to =1.4.0. Attack chain - Stage 1 — Import-time dropper: on import, the package fetches a...

Broken dropper in @mistralai/mistralai, @mistralai/mistralai-azure, @mistralai/mistralai-gcp

Mistral npm @mistralai/mistralai, @mistralai/mistralai-azure, @mistralai/mistralai-gcp were compromised by a supply chain attack related to the TanStack security incident. An automated worm associated with the attack led to compromised npm package versions being published. Current investigation...

Malicious Package

Overview nicegui is a malicious package. This package contains malicious code designed to steal sensitive credentials and establish remote access. While these packages might attempt to impersonate legitimate organizations and popular open-source libraries, there is no connection between those...

Malicious Package

Overview period-newline is a malicious package. This package contains malicious code designed to steal sensitive credentials and establish remote access. While these packages might attempt to impersonate legitimate organizations and popular open-source libraries, there is no connection between...

Malicious Package

Overview knot-date-utils-rb is a malicious package. This package is part of a malicious cluster of Ruby gems published by the threat actor knot-theory. Designed to impersonate legitimate utilities, it executes a payload upon installation that harvests environment variables, SSH keys, AWS...

Malicious Package

Overview knot-devise-jwt-helper is a malicious package. This package is part of a malicious cluster of Ruby gems published by the threat actor knot-theory. Designed to impersonate legitimate utilities, it executes a payload upon installation that harvests environment variables, SSH keys, AWS...

Malicious Package

Overview github.com/BufferZoneCorp/go-retryablehttp is a malicious package. This package contains malicious code designed to compromise developer systems and CI environments, specifically targeting GitHub Actions. The threat actor, operating under the GitHub account BufferZoneCorp, published a...

Malicious Package

Overview github.com/BufferZoneCorp/go-weather-sdk is a malicious package. This package contains malicious code designed to compromise developer systems and CI environments, specifically targeting GitHub Actions. The threat actor, operating under the GitHub account BufferZoneCorp, published a...

Malicious Package

Overview github.com/BufferZoneCorp/go-metrics-sdk is a malicious package. This package contains malicious code designed to compromise developer systems and CI environments, specifically targeting GitHub Actions. The threat actor, operating under the GitHub account BufferZoneCorp, published a...

Malicious Package

Overview github.com/BufferZoneCorp/config-loader is a malicious package. This package contains malicious code designed to compromise developer systems and CI environments, specifically targeting GitHub Actions. The threat actor, operating under the GitHub account BufferZoneCorp, published a clust...

Malicious Package

Overview github.com/BufferZoneCorp/log-core is a malicious package. This package contains malicious code designed to compromise developer systems and CI environments, specifically targeting GitHub Actions. The threat actor, operating under the GitHub account BufferZoneCorp, published a cluster of...