Malicious code in @ctrl/plex (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 20e1aad15739a79a359d88099a004fa395b66df8845c10823824e848f095c568 The @ctrl/ npm scope was compromised in the Shai-Hulud supply-chain incident September 2025. Versions of @ctrl/plex published during and after the...

Stealer Backdoor Found in 3 Node-IPC Versions Targeting Developer Secrets

Cybersecurity researchers are sounding the alarm about what has been described as "malicious activity" in newly published versions of node-ipc. According to Socket and StepSecurity, three different versions of the npm package have been confirmed as malicious - [email protected] [email protected]...

Malicious code in checkmarx.ast-results (VSCode:https://open-vsx.org)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 3205937565e6fad63cbece12a8463cd52f3e95c10ac99ab7e62a317e9c18717a This extension is a compromised version of the offical Checkmarx VSCode extensions available on the Microsoft Marketplace, by the TeamPCP...

Malicious PyPI Package Posing as Solana Tool Stole Source Code in 761 Downloads

Cybersecurity researchers have discovered a malicious package on the Python Package Index PyPI repository that purports to be an application related to the Solana blockchain, but contains malicious functionality to steal source code and developer secrets. The package, named solana-token, is no...