MAL-2026-4350 Malicious code in clobprice.api (npm)

A campaign of npm packages sharing a common dropper clob.js that downloads and persistently installs a Windows executable from IPFS on postinstall. The dropper fetches the binary from IPFS CID bafybeif3zkapj364ofnrvbty7oj5h5ufpxlp4s62usk3ulxrru35e3gssa via multiple public gateways Pinata,...

MAL-2026-4349 Malicious code in clob.api (npm)

A campaign of npm packages sharing a common dropper clob.js that downloads and persistently installs a Windows executable from IPFS on postinstall. The dropper fetches the binary from IPFS CID bafybeif3zkapj364ofnrvbty7oj5h5ufpxlp4s62usk3ulxrru35e3gssa via multiple public gateways Pinata,...

Malicious code in @devcarron/clob (npm)

A campaign of npm packages sharing a common dropper clob.js that downloads and persistently installs a Windows executable from IPFS on postinstall. The dropper fetches the binary from IPFS CID bafybeif3zkapj364ofnrvbty7oj5h5ufpxlp4s62usk3ulxrru35e3gssa via multiple public gateways Pinata,...

Malicious code in atel-mcp-openclaw (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b1e4255e19fdb4f0352f184f35599be81651badab879e4f39d0f3bb4fda4a58e The package contains multiple structural fingerprints of an active credential-stealer / C2 implant. bin/install.js performs lifecycle-time HTTP POSTs...

MAL-2026-4485 Malicious code in atel-mcp-openclaw (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b1e4255e19fdb4f0352f184f35599be81651badab879e4f39d0f3bb4fda4a58e The package contains multiple structural fingerprints of an active credential-stealer / C2 implant. bin/install.js performs lifecycle-time HTTP POSTs...

CVE-2026-40127

OutSystems Lifetime is vulnerable to Authorization Bypass Through User-Controlled Key vulnerability in ApplicationID parameter. Any authenticated user, can read the Change Log containing actions performed by other users as well as application name of any application. This issue was fixed in...

MAL-2026-4823 Malicious code in msc-terminal (npm)

Part of a multi-package malicious campaign, msc-terminal npm author nhpkevte1576 carries the same payload as eo-terminal and logger-draft — a fully-featured infostealer and remote access trojan RAT deployed via a postinstall hook. All three packages share the same C2 infrastructure and attack...

Lazarus Deploys RemotePE Memory-Only RAT Against Financial and Crypto Firms

Cybersecurity researchers have shed light on a cross-platform malware called RemotePE that has been put to use by the North Korea-linked Lazarus Group in attacks targeting financial and cryptocurrency organizations. RemotePE, per NCC Group subsidiary Fox-IT, is part of a multi-stage attack chain...

MAL-2026-4511 Malicious code in chai-as-patch (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c0f6b316992ec48b2d29d234f9debebcf239653a2371d54ab9f6e487c4fdba7b This package is a typosquat of chai-as-promised that delivers remote code execution to any installer that requires it and invokes the exported...

MAL-2026-4316 Malicious code in internallib_v95 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 446fa224122b28950a2a22289bd7a9bf4a29861cde218c495651e1e58da37176 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-4306 Malicious code in auth0-sample-dus-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e11085e4f685d863ed2e5196febd3ade6b5b64e18d19bb57d779d04e27a360df Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-4321 Malicious code in motion-ui-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 21ddce58f1bde22bf0563aee5f71aefe48c82ad61076557935bf8fff16eb9df3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2026-28380

A flaw was found in Grafana. An authenticated user with editor privileges could exploit a Broken Access Control BAC vulnerability in the Snapshot API. This flaw allows an editor to delete any dashboard snapshot, even those they do not have explicit read or write access to, leading to unauthorized...

USN-8299-1: Rclone vulnerabilities

It was discovered that Rclone incorrectly handled authorization in the remote control API. An attacker could possibly use this issue to obtain sensitive information. CVE-2026-41176 It was discovered that Rclone incorrectly handled backend instantiation via the remote control API. An attacker coul...

USN-8299-1 rclone vulnerabilities

It was discovered that Rclone incorrectly handled authorization in the remote control API. An attacker could possibly use this issue to obtain sensitive information. CVE-2026-41176 It was discovered that Rclone incorrectly handled backend instantiation via the remote control API. An attacker coul...

Malicious code in explorhub-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 156c492a22f3ae2339a227b3fc1e30bf19ca34e641b031fd2790af69807d0881 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in explorhub-ai-agent (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6608fa84304d8e7344518aab88e30f2b2a95aff43b2adbb664126857a14c5b45 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2026-9438

A vulnerability was found in yashpokharna2555 StudentManagementSystem cb2f558ddf8d19396de0f92abf2d224d46a0a203. This impacts an unknown function of the file courseDel.php. The manipulation of the argument ID results in improper control of resource identifiers. The attack may be performed from...

Malicious code in ts-big-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f9e88287cb64881d3f8f2e1705d8984d54c0a3147cb3740660afca913064042a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in lint-builder-logger (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 82c210e5583e971220a00f5aada2972877928cbc0187f17b034c9112c4b87099 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...