296 matches found
Malicious code in eslint-config-crowdstrike-node (npm)
Suspicious postinstall script executing bundle.js with excessive bitwise math indicates malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 40d780d93001ede85edbf1e9b83f884f84ab20fc210cd34a95b114599c01387a Any computer that has this package installed ...
MAL-2025-47227 Malicious code in eslint-config-crowdstrike-node (npm)
Suspicious postinstall script executing bundle.js with excessive bitwise math indicates malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 40d780d93001ede85edbf1e9b83f884f84ab20fc210cd34a95b114599c01387a Any computer that has this package installed ...
MAL-2025-47218 Malicious code in @crowdstrike/logscale-parser-edit (npm)
Suspicious postinstall script executing bundle.js and bundle.js contains excessive unsigned bitwise math, indicating potential malware. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ff5e2fca0afc744f9b2cec20ddf740574c42864336447119ed7715555896bde9 Any computer that...
Malicious code in @crowdstrike/logscale-parser-edit (npm)
Suspicious postinstall script executing bundle.js and bundle.js contains excessive unsigned bitwise math, indicating potential malware. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ff5e2fca0afc744f9b2cec20ddf740574c42864336447119ed7715555896bde9 Any computer that...
Malicious code in @crowdstrike/logscale-file-editor (npm)
Suspicious postinstall script executing bundle.js and YARA rule match for excessive bitwise math indicate likely malicious behavior. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1c0f2b92ed507c0c5be3665db16bf307e19440b594539d07854669c027545b6c Any computer that ha...
MAL-2025-47216 Malicious code in @crowdstrike/logscale-dashboard (npm)
Suspicious postinstall script executing bundle.js and unsignedbitwisemathexcess YARA rule match indicate malicious behavior. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9f7539ca83a2878a7b5b892aaa154843f462994bef40d9d14698dd04a2f0ffee Any computer that has this...
Malicious code in @crowdstrike/logscale-dashboard (npm)
Suspicious postinstall script executing bundle.js and unsignedbitwisemathexcess YARA rule match indicate malicious behavior. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9f7539ca83a2878a7b5b892aaa154843f462994bef40d9d14698dd04a2f0ffee Any computer that has this...
MAL-2025-47215 Malicious code in @crowdstrike/falcon-shoelace (npm)
postinstall script executes bundle.js. bundle.js triggers unsignedbitwisemathexcess YARA rule. Suspicious behavior indicates malware. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 035c35169c1f3c6c939e3237ce0bb606645b05601db61892b5d54cbeea095b57 Any computer that h...
Embedded Malicious Code
Overview ngx-bootstrap is a package that contains all core Bootstrap components powered by Angular. Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a postinstall script called bundle.js that exfiltrates secrets from the...
Embedded Malicious Code
Overview ng2-file-upload is an Angular file uploader Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a postinstall script called bundle.js that exfiltrates secrets from the affected user's accounts. These versions have been...
MAL-2025-47196 Malicious code in ng2-file-upload (npm)
The package ng2-file-upload was found have been identified as potentially malicious due to the inclusion of a minified postinstall script. It is considered suspicious because: The script appears to attempt to steal access tokens for npm, GitHub, AWS, GCP, etc. There is no changelog or new tags in...
Malicious code in ng2-file-upload (npm)
The package ng2-file-upload was found have been identified as potentially malicious due to the inclusion of a minified postinstall script. It is considered suspicious because: The script appears to attempt to steal access tokens for npm, GitHub, AWS, GCP, etc. There is no changelog or new tags in...
Malicious code in ngx-bootstrap (npm)
The package ngx-bootstrap was found have been identified as potentially malicious due to the inclusion of a minified postinstall script. It is considered suspicious because: The script appears to attempt to steal access tokens for npm, GitHub, AWS, GCP, etc. There is no changelog or new tags in t...
MAL-2025-47197 Malicious code in ngx-bootstrap (npm)
The package ngx-bootstrap was found have been identified as potentially malicious due to the inclusion of a minified postinstall script. It is considered suspicious because: The script appears to attempt to steal access tokens for npm, GitHub, AWS, GCP, etc. There is no changelog or new tags in t...
CVE-2025-58374
Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions 3.25.23 and below contain a default list of allowed commands that do not need manual approval if auto-approve is enabled, and npm install is included in that list. Because npm install executes lifecycle...
CVE-2025-58374 Roo Code: Auto-approve allows npm install execution of malicious postinstall scripts
Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions 3.25.23 and below contain a default list of allowed commands that do not need manual approval if auto-approve is enabled, and npm install is included in that list. Because npm install executes lifecycle...
CVE-2025-58374 Roo Code: Auto-approve allows npm install execution of malicious postinstall scripts
Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions 3.25.23 and below contain a default list of allowed commands that do not need manual approval if auto-approve is enabled, and npm install is included in that list. Because npm install executes lifecycle...
CVE-2025-58374
Summary (CVE-2025-58374): Roo Code versions 3.25.23 and earlier allow an auto-approved npm install that can execute a repository’s postinstall script, enabling arbitrary code execution. Root cause: npm install is in the default auto-approve list, so malicious postinstall scripts run without user ...
PT-2025-36345
Name of the Vulnerable Software and Affected Versions: Roo Code versions 3.25.23 and below Description: Roo Code is an AI-powered autonomous coding agent. Versions 3.25.23 and below include npm install in a default list of auto-approved commands. Because npm install executes lifecycle scripts, a...
Exploit for CVE-2025-55349
CVE-2025-55349 — pm2 Arbitrary Code Execution via postinstall...