Malicious code in com.unity.rpc (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 29020683719ce2888e35bc68573af9acf12bfa039f451c61178d38ae8210386d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-3735 Malicious code in com.unity.rpc (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 29020683719ce2888e35bc68573af9acf12bfa039f451c61178d38ae8210386d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-3726 Malicious code in com.unity.cluster-display (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b017254017be28523d1d339bd21b2d15cfa38d299a6dfd0df7a157028c544bac Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-3729 Malicious code in com.unity.list-view-framework (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4e62e603878259ca3d97124f0e3dd5225e75518c1572831a35e96a26b807e151 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-3740 Malicious code in badgerdoc-storage (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 57170ed58e2cf5e3b4b32f443ae555c7c040f2a395b3505837c90e06add93db5 Packages that seem to be created by a legit bug bounty hunter. Designed to look like created by different organisations, they contain a couple of data...

MAL-2025-3713 Malicious code in @dm3-org/dm3-lib-shared (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis fdc7c9221213814713a1de5a0f5527c3975c0942520d64147788ea8869d8efe8 The OpenSSF Package Analysis project identified '@dm3-org/dm3-lib-shared' @ 1.7.2 npm as malicious. It is considered malicious because: - The...

MAL-2025-3702 Malicious code in @cewe-phoenix-themes/default-theme (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis b8fefa5fe5221477fe4ca130e84721255986e7b048f3e5922c99cac89d94df83 The OpenSSF Package Analysis project identified '@cewe-phoenix-themes/default-theme' @ 99.9.1 npm as malicious. It is considered malicious...

MAL-2025-3701 Malicious code in @walmart-dataventures/integrated-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6500cbbfb04c2cba829725a6851746577238ca39c724e4030421834285a958fc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-3666 Malicious code in ias-dashboard-assets (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7c5e715ecf1204e540d58dcb1f94d07ca5724d7a1a0df89b355dbe88545c5185 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-3715 Malicious code in crypto-provider (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 21ee45d9d771c938c2a2830fda64f84172fe28c001cb1dd2d725b2c05ea39068 The OpenSSF Package Analysis project identified 'crypto-provider' @ 0.3.4 npm as malicious. It is considered malicious because: - The package...

MAL-2025-3602 Malicious code in testveriftest1asdlaaaa (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3b241cae62c005e3cd31a8251941ab101ebcca75aa4c8cb988905e87529339cd During installation, the package attempts to exfiltrate cloud tokens --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers...

MAL-2025-3601 Malicious code in @sdrosdzol_linkedin/husky (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 5e24d36da21d692922a995d564a799ff283c0dfe20bc5c90fe02d89aad33a616 The OpenSSF Package Analysis project identified '@sdrosdzollinkedin/husky' @ 0.2.0 npm as malicious. It is considered malicious because: - The...

MAL-2025-3716 Malicious code in crypto-utility (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis e212ce9343535d644b46e13584a4a6c0585b2c5482091ca23ea52068b582048e The OpenSSF Package Analysis project identified 'crypto-utility' @ 0.3.4 npm as malicious. It is considered malicious because: - The package...

MAL-2025-3598 Malicious code in font-impact (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 404db1db5b86b6ce6ed40f2169b12625d010c431f4610548c55dc053f5d43d69 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-3596 Malicious code in @ringcx/agent-mfe-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 32dc26e905c6298ce020698678835f03f2e5dfb8c63366729ba9e638b98d5abc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-3593 Malicious code in client-utility-module (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f3ea30b384f30ddf174344cda1da28874f1f377efed1f312b34ba56b7bedd7aa Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-3574 Malicious code in aegis-contracts (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 012d98d433c475ff3012368e49e74b54c587fd81749e936cc898ba80a4d8d868 The OpenSSF Package Analysis project identified 'aegis-contracts' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...

MAL-2025-3560 Malicious code in rei-session (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4af31c87d2d807d5845662ad08b32fdf03d8b63c355e3bcf91abd5642a6313eb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-3564 Malicious code in @di-sdk/quickselect-wasm (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fb4f93b792159c059a742b5ea3d59a8038b8e1be1103e430086184a2f3ca3090 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-3399 Malicious code in freo-design-system (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 8745e789b7b101fb7ede2f6f26567a39b6ec9522c2f6cad7f182098661442ced The OpenSSF Package Analysis project identified 'freo-design-system' @ 1.0.4 npm as malicious. It is considered malicious because: - The package...