273 matches found
MAL-2026-5111 Malicious code in @redhat-cloud-services/chrome (npm)
Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...
Malicious code in foundry-config (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4918af978c72d6459e02a9d0b1114f54cde7f3973b1cc3f61b497a0575269592 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3739 Malicious code in viem-utils-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f3d1feda8a13ce43d926de9052753f882f9f51f8afa6572c92bb4a5d3ca9412e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3443 Malicious code in @squawk/flight-math (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0595c498e25ed96bb0a13cf8ce777df0977f4c1580aadfddfcb0eaf1ae3d7915 The package @squawk/flight-math was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3275 Malicious code in @kills_sh/bootstrap (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0e7f5c26dc70e3f5d44e3fc5b4b94fba66089cf8d0d718fc48c4f85aada6f830 The package @killssh/bootstrap was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3209 Malicious code in apple-internal-security-library-v99 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f44267d5128f9ac2c62938b60bfa45264207a0010c41c97082c72246a3a7a248 The package apple-internal-security-library-v99 was found to contain malicious code. Source: ghsa-malware...
MAL-2026-2656 Malicious code in tailwind-stylecss-typography (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e0f774188361889c2e95f246317a2fece3219b9d9952ff3645e4d108bc525c5 The package tailwind-stylecss-typography was found to contain malicious code. Source: ghsa-malware...
MAL-2026-2631 Malicious code in babel-plugin-blocks (npm)
Malicious package due to data exfiltration via test, preinstall, and preupdate scripts in package.json using wget to send data to webhook.site. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 679960b444e4781d7276df8692808a4bc4507d29aefe943ffe4d3dfb35dcc141 The...
MAL-2026-2098 Malicious code in sd-basket-highlight (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1eb99aa8736f7070c6e86b764bff3d6a3297cb10df44fa32ee65d1d7c3a74754 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-1971 Malicious code in trex-proxy-browser-extension-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9eb36a59a719cff949c203a03a41c54b637bb1974bdea728b1bc15e837a7db45 The package trex-proxy-browser-extension-sdk was found to contain malicious code. Source: ghsa-malware...
MAL-2026-1964 Malicious code in pretty-loggers (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4ac086b231c77fe68e31ce08ba212f70807936ae95b86d5af7fce505d9e20118 The package pretty-loggers was found to contain malicious code. Source: ghsa-malware 0218f0b3be8b1ccf4ed897adca433d157feeee1163f03cf8ed2e0b435ad90e8e...
Malicious code in bluelite-bot-manager (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d02181290fe37f11e082818a15c1f6baa4d8479279412a74ec4b440ec14dafc7 The package bluelite-bot-manager was found to contain malicious code. Source: ghsa-malware...
MAL-2026-1185 Malicious code in @bookings.microsoft.com/s (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aa10e8f4ab4580d4d9aedaee9a9e0c036b3248364f0680727df6871025d7e2f9 The package @bookings.microsoft.com/s was found to contain malicious code. Source: ghsa-malware...
MAL-2026-833 Malicious code in express-configer (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e492b9087ab21198777e586b9d21eade1fe2948bb67f1ab484c7274056861276 The package express-configer was found to contain malicious code. Source: ghsa-malware 8484436a0b43b94054c0fa7ceb955362a6557d9bef3019e2fae2e51e42ff1f...
MAL-2026-679 Malicious code in epic-admin-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 53764f149897a5c5d4373d2f217da3994123f2664db8150cfcf37b474ee632db The package epic-admin-ui was found to contain malicious code. Source: ghsa-malware 34cc1c893e75c3b3e5849e74fed6d7f75ce784c9e933d878d93e773fae313305...
Malicious code in tailwind-components-cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a3916984542c5471332406155adc38fde3d254e8748b6e65caa1b9680663602c The package tailwind-components-cli was found to contain malicious code. Source: ghsa-malware...
MAL-2026-359 Malicious code in dreame-claude (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 44b904b33e89c1b805a677ba354efd9fb3a2433181457eaa178dde53d834a387 The package dreame-claude was found to contain malicious code. Source: ghsa-malware 4af60f8f709a4f9b864b976407e3415357526d2edebe39413dd0de8b3783578b...
MAL-2026-357 Malicious code in chai-bin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 70584b6893352163c2a0c5341a2e577feaec7949d8719725a62e0d87e5b1d542 The package chai-bin was found to contain malicious code. Source: ghsa-malware a1636ea6e8016a1000135fcda28819cd75c13f4a95933606b7e792737fe630f0 Any...
Malicious code in secguest-react-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b76ab99d9a667e9700bb0176dde546ff3748b742775ea322766035a730391891 The package secguest-react-lib was found to contain malicious code. Source: ghsa-malware...
RealDefense SUPERAntiSpyware 安全漏洞
RealDefense SUPERAntiSpyware is a security tool for detecting and removing malware from RealDefense USA. A security vulnerability exists in RealDefense SUPERAntiSpyware that stems from SAS Core Service exposing dangerous functions that could lead to local elevation of privilege...