MAL-2024-8977 Malicious code in collaborator-trigger05 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 19b4660476331fc41f23ce20381efcebc7f8ba7c11954f491848bff463c7f0b0 The OpenSSF Package Analysis project identified 'collaborator-trigger05' @ 1.0.9 npm as malicious. It is considered malicious because: - The...

MAL-2024-8986 Malicious code in case-result-reporter (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 53752de38b0f242f1a98e32994dffdc4793390a73bf2685bb38db58aff3156fd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-8961 Malicious code in k0m3g4-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis bd260efc78494efc57d67f6576d7ae30b8e58e866ee7a3c228692548174c1e19 The OpenSSF Package Analysis project identified 'k0m3g4-test' @ 2.999.0 npm as malicious. It is considered malicious because: - The package...

MAL-2024-8955 Malicious code in storj-docs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis c29c7e82f958f9ed89af6fc324d687bfe4e15d4b2aa49fee39f5aeeb4eee5583 The OpenSSF Package Analysis project identified 'storj-docs' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...

MAL-2024-8946 Malicious code in rcebymrx (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 65ddcbfb52d8c96bb51c713d62841675f75e9e5225efc9380917c6cf79bed8ab When importing the module, the /etc/passwd file is exfiltrated --- Category: PROBABLYPENTEST - Packages looking like typical pentest packages, but also anythin...

MAL-2024-8932 Malicious code in @the-c-company/common-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis e18cae6ce0c3de2fe7988c316471f5383433deaa0e8b9bf0376b69b634188218 The OpenSSF Package Analysis project identified '@the-c-company/common-utils' @ 1.0.0 npm as malicious. It is considered malicious because: - Th...

MAL-2024-8913 Malicious code in seconddjallal-ui-common (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 339da66a4589a23f79b8a7b70e60f8b30acf9884cf996d3388310f1f8cbce28b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-8900 Malicious code in bsc-stdlib-polyfill (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis df99335a79394c76ec65c4c11bd937510961ba93b67e631d560753ab61a735b6 The OpenSSF Package Analysis project identified 'bsc-stdlib-polyfill' @ 0.0.1 npm as malicious. It is considered malicious because: - The packag...

MAL-2024-8886 Malicious code in 0g-da-contract (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e2638730cdc6149851ffde4258625886da39146fb96e355280a2460ec01653ce Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-8876 Malicious code in testing_coll (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 8518731ff24bfebf9747d6cf7d3a365c7061fe94c0bcc413a194915890f31f75 The OpenSSF Package Analysis project identified 'testingcoll' @ 1.0.1 npm as malicious. It is considered malicious because: - The package...

MAL-2024-8875 Malicious code in rust-functions (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 879e91954c530c7fda9e73575ef2f4a945be9a29a5761866d4a4470b32469ce1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-8853 Malicious code in roblox-event-tracker (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6f08f30c6d48fad2d39e96f192eb0efb0ae97511a98d6ef6b3048b20486f7c30 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-8850 Malicious code in azure-iothub-service-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 39be68a1794d85382ecb02d31e4d56c310788c3eb8f0f552d464410ec90138a5 The OpenSSF Package Analysis project identified 'azure-iothub-service-client' @ 0.0.2 npm as malicious. It is considered malicious because: - Th...

MAL-2024-8835 Malicious code in skibo (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 2926d03211dc44468a65561ad4c8faa1e35ea81bbff5dcfb9bd4a918bd603384 The OpenSSF Package Analysis project identified 'skibo' @ 1.0.0 npm as malicious. It is considered malicious because: - The package communicates...

MAL-2025-4666 Malicious code in proto-google-cloud-dlp-v2beta1 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 1d21bb408ed0e178e23e5b4face7188968fd711ea7ceab009b9d04e6a508740d Generic campaign for all likely research / pentests, where the amount or art of collected data raises questions about the privacy, security and ethical side. -...

MAL-2024-8819 Malicious code in 0g-storage-contracts (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 189712c4a0b96b9447f3a3e68e5883de6303d027035935681f2341e68eeccc3a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-8734 Malicious code in @maas-themes/eslint-config-react-typescript (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 76dd3e73ed32149194358782c120547fddea51353f2ed5f56384a8ff2f0e828c The OpenSSF Package Analysis project identified '@maas-themes/eslint-config-react-typescript' @ 3.1.4 npm as malicious. It is considered malicio...

MAL-2024-8019 Malicious code in cargo-hub-ui-api-internal (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8165fa0cd101e6b1ef78a13e6355f2f54b163dad9b094756aeb50ad2ce54b516 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @live-backstage/client (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 59a85f5255ffeaed2480c5affaf5967984d6b21631800dee033bd1c44c762ce5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in artifact-lab-3-package-b6920ef4 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 0239eb42a339ea04c20285cf4f4fd719e841f19d6e59a2cbb78f6e982fcea446 Packages showing simple variants of revshell with targets to ngrok. Most probably experiments. Later versions moved to use Burp Collaborator to exfiltrate simp...