Lucene search
K

50 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 4:21 a.m.7 views

Malicious code in @epic-common/observability-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 73d7457ccefffe2de1f0464f21ac2eadfb981be593d2b34ceb0d5cde1174da0b Package targets the private @epic-common scope Epic Games and is published to the public npm registry as a dependency-confusion vehicle. On import of...

5.9AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/26 2:15 p.m.5 views

Malicious code in ts-einkle-slot (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f565a21645ed6a288a820dea60e648589a5cca95a91b2c90720f3d2bcadca73b Package is published as ts-einkle-slot but its tarball contents source, README, LICENCE, package.json author/repository/description are copied verbat...

5.8AI score
Exploits0References6
OSV
OSV
added 2026/06/26 2:15 p.m.7 views

MAL-2026-6525 Malicious code in ts-einkle-slot (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f565a21645ed6a288a820dea60e648589a5cca95a91b2c90720f3d2bcadca73b Package is published as ts-einkle-slot but its tarball contents source, README, LICENCE, package.json author/repository/description are copied verbat...

5.8AI score
Exploits0References6
OSV
OSV
added 2026/06/25 6:43 p.m.9 views

MAL-2026-6472 Malicious code in tailwindcss-effector (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4780f88b1924c1d5104a4ea18803a0180e9339e5c9a9bf787f9ed4901e1729e3 src/index.js appends a heavily obfuscated async IIFE after a legitimate-looking TailwindCSS plugin. On import, the IIFE issues HTTPS requests to remo...

6AI score
Exploits0References2
OSV
OSV
added 2026/06/24 2:1 p.m.3 views

PYSEC-2026-232 Malicious code in ensmallen (PyPI)

Part of the "Hades" wave of the Shai-Hulud supply-chain campaign. On 2026-06-08, malicious phantom releases of ensmallen were published to PyPI using stolen credentials. The package executes a bundled JavaScript payload via the Bun runtime on import that harvests and exfiltrates credentials and...

5.8AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/19 12:53 a.m.6 views

Malicious code in fluent-panel-metrics (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 95598f66d3e0a4ecbfe9dcd01c1d5f0be9b78bee23b200758a92dac8f8a00d9e fluentpanelmetrics/init.py defines bootstrapruntimeprofile and invokes it unconditionally at module load. The function opens a TCP socket to the...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 4:20 a.m.8 views

Malicious code in node-path-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 180db640dc8207694eb4629834f74b740d7efc9febf26067d190e10656fe04e9 Package name node-path-utils and its README/description claim it is 'an exact copy of the NodeJS path module', impersonating the Node.js core path...

6.1AI score
Exploits0References2
OSV
OSV
added 2026/06/13 1:3 a.m.14 views

MAL-2026-5725 Malicious code in dash-grid-normalizer (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 362011eafffa765e7f6c24df4ec2c7bb8f9fb6b6414570a5d193e6ea90e1250a On import, src/dashgridnormalizer/init.py calls hydrateremotelayoutprofile, which reassembles a payload from four string segments, base64-decodes and...

6AI score
Exploits0References4
OSV
OSV
added 2026/06/11 1:19 p.m.10 views

MAL-2026-5647 Malicious code in ts-ecro (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 37901692194f47c987610aab18ef37d4361e8ab01efd1a8008876920dd8b8aa2 Package is published as 'ts-ecro' but ships a verbatim copy of big.js v7.0.1 with the original author's copyright, email, and GitHub repository URL —...

6AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/08 10:31 p.m.16 views

Malicious code in xfoofoox (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 94e46dfacc8ffb015e2258d96dedda0eebb7118144ace7021794c88b319ade14 During import, the package starts a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/08 9:41 p.m.11 views

Malicious code in xfoobar (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d82d6f4e4dba40d2e4677eb00c301bc816c8fe442704bdb9ed1f51a3d90e8f75 The package was found to contain malicious code or consuming dependency that contains malicious code Source: kam193...

6.1AI score
Exploits0References2
OSV
OSV
added 2026/06/02 10:0 a.m.10 views

MAL-2026-5160 Malicious code in bt-signal-utils (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d56152c37c3a078b771d2578dd86495783b51b886c96aa7ebb66a7ec36d72a24 During import, package exfiltrates environment variables and cloud tokens to a hardcoded location. --- Category: MALICIOUS - The campaign has clearly malicious...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/06/01 3:38 p.m.18 views

MAL-2026-5123 Malicious code in imgmatrix-analysis (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2a9f964e4264c7bcc91047fdfb9966b1ae807e1e60fafa559d5543ed6e3dc83e During import, the package executes remote commands sourced from a Google Sheet. --- Category: MALICIOUS - The campaign has clearly malicious intent, like...

6AI score
Exploits0References1
OSV
OSV
added 2026/05/24 1:45 a.m.10 views

MAL-2026-4271 Malicious code in data-pipeline-check (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 37ca0e77c4eda50057aa04c615897f067ee866d02fc1e2fe65cdbb263d3081e8 On import pipelinecheck, the package spawns a daemon thread that, after a random 3-15 second delay, walks /.ssh, /.aws, /.ethereum, /.config, /.docke...

5.9AI score
Exploits0References7
OSV
OSV
added 2026/05/14 7:24 p.m.9 views

MAL-2026-3750 Malicious code in bigint.fs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cb3e0cb5c95475ce69c3672be6acfb9283bc6e29a1d7ba7452c922e7dc96a966 On require/import, index.js runs an IIFE that POSTs a getAccountInfo RPC call to https://api.devnet.solana.com for Solana account...

6.4AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/13 5:52 a.m.17 views

Malicious code in openai-spellcheckers (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 195e6ac284c1a3e97b7683250a5514ed89d903819d2a3c97987782d4725e0e9f Packages contain hidden code that is effectively run during importing or using the library, and downloads second stage code. Then, a process running in...

6AI score
Exploits0References3
OSV
OSV
added 2026/05/12 6:0 p.m.8 views

MAL-2026-3680 Malicious code in @a91082900/test_package (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b8349cd7ce2c9ac2321dce8f80e5a46c0064b382fb7e54e975ff27a2dcab1254 The package's main file index.js executes at module load, with no exports and no user-invoked API. On import it issues...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/12 7:41 a.m.15 views

Malicious code in guan (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2e04a9a658bc7616e72a5edf276dd049e5b697f2492c46929caf2e01fac95d84 The top-level src/guan/init.py unconditionally calls statisticsofguanpackage on every import guan. That function in src/guan/others.py opens a raw TC...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/01 12:17 p.m.10 views

Malicious code in pycryptcore (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3337f9433143a04e30ce5881c7786f787cc882c983ed5e68b22f60fd79f2a0dd Typosquatting package that automatically exfiltrates files to a Telegram channel on importing. --- Category: MALICIOUS - The campaign has clearly malicious...

5.8AI score
Exploits0References1
The Hacker News
The Hacker News
added 2026/04/30 4:31 p.m.15 views

PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials

In yet another software supply chain attack, threat actors have managed to compromise the popular Python package Lightning to push two malicious versions to conduct credential theft. According to Aikido Security, OX Security, Socket, and StepSecurity, the two malicious versions are versions 2.6.2...

6AI score
Exploits0
Rows per page
Query Builder