Malicious code in @t-in-one/form_product_token (npm)

Wave 2 of a dependency confusion attack campaign C2: oob.moika.tech targeting internal npm scopes. The attacker npm user t-in-one, email [email protected] published packages at inflated versions that resolve ahead of private registry versions via npm's default version resolution. The campaign...

Malicious code in @car-loans/deal-aff (npm)

Part of a dependency confusion attack campaign targeting the @car-loans, @fb-deposit, and @debit-ib npm scopes. The attacker npm user pik-libs published 25 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version resolution,...

MAL-2026-4980 Malicious code in @cloudplatform-single-spa/svp-draas (npm)

Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...

📄 openDCIM 25.01 SQL Injection / Remote Code Execution

openDCIM version 25.01 remote SQL injection exploit that achieves remote code execution. ================================================================================================================================== | Title : openDCIM 25.01 SQL Injection Leading to Remote Code Execution | |...

Axios NPM supply chain incident

Cisco Talos is actively investigating the March 31, 2026 supply chain attack on the official Axios node package manager npm package during which two malicious versions v1.14.1 and v0.30.4 were deployed. Axios is one of the more popular JavaScript libraries with as many as 100 million downloads pe...

Malicious code in mgc (npm)

Package fetches platform-specific stage-2 payloads from a GitHub Gist. The stage-2 payloads are full Remote Access Trojans RATs for Linux Python and Windows PowerShell that beacon to a C2 server, exfiltrate system information, enumerate directories, execute arbitrary commands, and support binary...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a cross-platform remote access trojan by injecting a hidden dependency named plain-crypto-js. RAT Behavior The injected plain-crypto-js dependency automatically executes an obfuscated postinstall...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a cross-platform remote access trojan by injecting a hidden dependency named plain-crypto-js. RAT Behavior The injected plain-crypto-js dependency automatically executes an obfuscated postinstall...

TFTP Fetch, Linux Chmod

Fetch and execute an ARMLE payload from a TFTP server. Runs chmod on the specified file with specified mode. Module Options msf use payload/cmd/linux/tftp/armle/chmod msf payloadchmod show actions ...actions... msf payloadchmod set ACTION msf payloadchmod show options ...show and set options... m...

Linux Command Shell, Bind TCP Inline

Listen for a connection and spawn a command shell Module Options msf use payload/linux/riscv64le/shellbindtcp msf payloadshellbindtcp show actions ...actions... msf payloadshellbindtcp set ACTION msf payloadshellbindtcp show options ...show and set options... msf payloadshellbindtcp run This modu...

HTTPS Fetch, Linux Command Shell, Reverse TCP Inline

Fetch and execute an RISC-V 64-bit payload from an HTTPS server. Connect back to attacker and spawn a command shell. Module Options msf use payload/cmd/linux/https/riscv64le/shellreversetcp msf payloadshellreversetcp show actions ...actions... msf payloadshellreversetcp set ACTION msf...

HTTPS Fetch, Linux Execute Command

Fetch and execute an RISC-V 64-bit payload from an HTTPS server. Execute an arbitrary command Module Options msf use payload/cmd/linux/https/riscv64le/exec msf payloadexec show actions ...actions... msf payloadexec set ACTION msf payloadexec show options ...show and set options... msf payloadexec...

HTTPS Fetch, Linux Command Shell, Reverse TCP Inline

Fetch and execute an RISC-V 32-bit payload from an HTTPS server. Connect back to attacker and spawn a command shell. Module Options msf use payload/cmd/linux/https/riscv32le/shellreversetcp msf payloadshellreversetcp show actions ...actions... msf payloadshellreversetcp set ACTION msf...

HTTP Fetch, Linux Chmod

Fetch and execute an RISC-V 32-bit payload from an HTTP server. Runs chmod on the specified file with specified mode. Module Options msf use payload/cmd/linux/http/riscv32le/chmod msf payloadchmod show actions ...actions... msf payloadchmod set ACTION msf payloadchmod show options ...show and set...

TFTP Fetch, Linux Execute Command

Fetch and execute an RISC-V 64-bit payload from a TFTP server. Execute an arbitrary command Module Options msf use payload/cmd/linux/tftp/riscv64le/exec msf payloadexec show actions ...actions... msf payloadexec set ACTION msf payloadexec show options ...show and set options... msf payloadexec ru...

HTTP Fetch, Linux Execute Command

Fetch and execute an RISC-V 64-bit payload from an HTTP server. Execute an arbitrary command Module Options msf use payload/cmd/linux/http/riscv64le/exec msf payloadexec show actions ...actions... msf payloadexec set ACTION msf payloadexec show options ...show and set options... msf payloadexec r...

HTTP Fetch, Linux Chmod

Fetch and execute an RISC-V 64-bit payload from an HTTP server. Runs chmod on the specified file with specified mode. Module Options msf use payload/cmd/linux/http/riscv64le/chmod msf payloadchmod show actions ...actions... msf payloadchmod set ACTION msf payloadchmod show options ...show and set...

HTTPS Fetch, Linux Chmod

Fetch and execute an RISC-V 64-bit payload from an HTTPS server. Runs chmod on the specified file with specified mode. Module Options msf use payload/cmd/linux/https/riscv64le/chmod msf payloadchmod show actions ...actions... msf payloadchmod set ACTION msf payloadchmod show options ...show and s...

HTTP Fetch, Linux Command Shell, Reverse TCP Inline

Fetch and execute an RISC-V 64-bit payload from an HTTP server. Connect back to attacker and spawn a command shell. Module Options msf use payload/cmd/linux/http/riscv64le/shellreversetcp msf payloadshellreversetcp show actions ...actions... msf payloadshellreversetcp set ACTION msf...

HTTP Fetch, Linux Command Shell, Reverse TCP Inline

Fetch and execute an RISC-V 32-bit payload from an HTTP server. Connect back to attacker and spawn a command shell. Module Options msf use payload/cmd/linux/http/riscv32le/shellreversetcp msf payloadshellreversetcp show actions ...actions... msf payloadshellreversetcp set ACTION msf...