Github Security Blog
added 2026/04/02 6:34 p.m., 6 views

Axios npm Supply Chain Incident Impacting @usebruno/cli

Impact This is a supply chain attack involving compromised versions of the axios npm package, which introduced a hidden dependency deploying a cross-platform Remote Access Trojan (RAT). Users of @usebruno/cli who ran npm install between 00:21 UTC and 03:30 UTC on March 31, 2026 may have been...

CVSS 9.8, AI score 5.9, EPSS 0.00029
Exploits 0, References 7, Affected Software 1

Positive Technologies
added 2026/04/02 12:0 a.m., 3 views

PT-2026-29967

Name of the Vulnerable Software and Affected Versions @usebruno/cli versions installed between 00:21 UTC and 03:30 UTC on March 31, 2026 Description A supply chain attack involving compromised versions of the axios npm package introduced a hidden dependency deploying a cross-platform Remote Acces...

CVSS 9.8, AI score 6, EPSS 0.00029
Exploits 0, References 9

Snyk
added 2026/03/31 6:1 a.m., 1 view

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a cross-platform remote access trojan by injecting a hidden dependency named plain-crypto-js. RAT Behavior The injected plain-crypto-js dependency automatically executes an obfuscated postinstall...

CVSS 9.8, AI score 5.9
Exploits 0, References 2

Snyk
added 2026/03/31 3:25 a.m., 1 view

Malicious Package

Overview plain-crypto-js is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and the author of this...

CVSS 9.8, AI score 5.8
Exploits 0, References 2

Snyk
added 2026/03/31 3:15 a.m., 5 views

Embedded Malicious Code

Overview axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a cross-platform remote access trojan (RAT) and whose content was removed from the official package manager. A malicious actor...

CVSS 9.8, AI score 6
Exploits 0, References 2

Snyk
added 2026/03/20 10:0 p.m., 1 view

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised as the result of Trivy's GitHub Actions compromise, and malicious versions were released on NPM. They contain malicious code, and its content was NOT yet...

CVSS 9.8, AI score 5.8
Exploits 0, References 2

Snyk
added 2026/03/20 10:0 p.m., 2 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised as the result of Trivy's GitHub Actions compromise, and malicious versions were released on NPM. They contain malicious code, and its content was NOT yet...

CVSS 9.8, AI score 5.8
Exploits 0, References 2

OSV
added 2026/03/16 10:4 a.m., 0 views

MAL-2026-1486 Malicious code in trello-enterprises (npm)

The package is malicious due to a postinstall script executing a file that exfiltrates sensitive information to a remote server. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9a327d3918cfde33c4405296d7b5e2644bf1435d6532be30af21d41135d529ef The package...

AI score 5.8
Exploits 0, References 1

OSSF Malicious Packages
added 2026/03/16 10:4 a.m., 3 views

Malicious code in trello-enterprises (npm)

The package is malicious due to a postinstall script executing a file that exfiltrates sensitive information to a remote server. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9a327d3918cfde33c4405296d7b5e2644bf1435d6532be30af21d41135d529ef The package...

AI score 5.8
Exploits 0, References 1

OSSF Malicious Packages
added 2026/03/12 10:33 p.m., 4 views

Malicious code in cline (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 38d7531f4d4af07fee607e1d2985d0ea5b41dbf28cca5bc16c8457934e372f86 The package cline was found to contain malicious code. Source: google-open-source-security...

AI score 5.8
Exploits 0, References 1

OSV
added 2026/03/12 10:33 p.m., 2 views

MAL-2026-1380 Malicious code in cline (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 38d7531f4d4af07fee607e1d2985d0ea5b41dbf28cca5bc16c8457934e372f86 The package cline was found to contain malicious code. Source: google-open-source-security...

AI score 5.8
Exploits 0, References 1

The Hacker News
added 2026/02/20 2:20 p.m., 6 views

Cline CLI 2.3.0 Supply Chain Attack Installed OpenClaw on Developer Systems

In yet another software supply chain attack, the open-source, artificial intelligence (AI)-powered coding assistant Cline CLI was updated to stealthily install OpenClaw, a self-hosted autonomous AI agent that has become exceedingly popular in the past few months. "On February 17, 2026, at 3:26 AM P...

AI score 6.9
Exploits 0

OSV
added 2026/02/19 3:17 p.m., 1 view

GHSA-9PPG-JX86-FQW7 Unauthorized npm publish of cline@2.3.0 with modified postinstall script

Description On February 17, 2026 at 3:26 AM PT, an unauthorized party used a compromised npm publish token to publish an update to Cline CLI on the NPM registry: cline@2.3.0. The published package contains a modified package.json with an added postinstall script: "postinstall": "npm install -g...

AI score 5.6
Exploits 0, References 2

Github Security Blog
added 2026/02/19 3:17 p.m., 10 views

Unauthorized npm publish of cline@2.3.0 with modified postinstall script

Description On February 17, 2026 at 3:26 AM PT, an unauthorized party used a compromised npm publish token to publish an update to Cline CLI on the NPM registry: cline@2.3.0. The published package contains a modified package.json with an added postinstall script: "postinstall": "npm install -g...

AI score 5.6
Exploits 0, References 2, Affected Software 1

Snyk
added 2026/02/16 11:0 p.m., 2 views

Malicious Package

Overview cline is a malicious package. The NPM publishing token for this package was compromised and used by an unauthorized party to publish version 2.3.0 containing a modified package.json with an added postinstall script "postinstall": "npm install -g openclaw@latest". This causes openclaw an...

CVSS 9.8, AI score 5.8
Exploits 0, References 2

The Hacker News
added 2026/01/08 10:31 a.m., 2 views

Researchers Uncover NodeCordRAT Hidden in npm Bitcoin-Themed Packages

Cybersecurity researchers have discovered three malicious npm packages that are designed to deliver a previously undocumented malware called NodeCordRAT. The names of the packages, all of which were taken down as of November 2025, are listed below. They were uploaded by a user named "wenmoonx."...

AI score 8
Exploits 0

Github Security Blog
added 2026/01/02 3:23 p.m., 8 views

Signal K Server Vulnerable to Remote Code Execution via Malicious npm Package

The SignalK appstore interface allows administrators to install npm packages through a REST API endpoint. While the endpoint validates that the package name exists in the npm registry as a known plugin or webapp, the version parameter accepts arbitrary npm version specifiers including URLs. npm...

CVSS 8.6, AI score 8, EPSS 0.0005
Exploits 1, References 5, Affected Software 1

EUVD
added 2026/01/02 3:23 p.m., 4 views

EUVD-2025-206137

Signal K Server Vulnerable to Remote Code Execution via Malicious npm Package...

CVSS 8.6, AI score 6.8, EPSS 0.0005
Exploits 1, References 4

OSV
added 2026/01/02 3:23 p.m., 1 view

GHSA-93JC-VQQC-VVVH Signal K Server Vulnerable to Remote Code Execution via Malicious npm Package

The SignalK appstore interface allows administrators to install npm packages through a REST API endpoint. While the endpoint validates that the package name exists in the npm registry as a known plugin or webapp, the version parameter accepts arbitrary npm version specifiers including URLs. npm...

CVSS 8.6, AI score 7.9, EPSS 0.0005
Exploits 1, References 5

CVE
added 2026/01/01 6:35 p.m., 8 views

CVE-2025-68619

CVE-2025-68619 affects the Signal K Server. The appstore REST endpoint allows admins to install npm packages by passing a version specifier, but the code does not sanitize this field and forwards it to npm. Because npm supports arbitrary version specifiers (including URLs and git sources) the att...

CVSS 8.6, AI score 7.3, EPSS 0.0005
Exploits 1, References 2, Affected Software 1