296 matches found
Malicious versions of Nx were published
Summary Malicious versions of the nx package, as well as some supporting plugin packages, were published to npm, containing code that scans the file system, collects credentials, and posts them to GitHub as a repo under user's accounts. Immediate Actions Required For all users, check if you were...
Embeded Malicious Code
Overview @nx/devkit is an AI-first build platform that connects everything from your editor to CI. Helping you deliver fast, without breaking things. This package contains a set of utilities for creating Nx plugins. Affected versions of this package are vulnerable to Embeded Malicious Code throug...
Embeded Malicious Code
Overview nx is a The core Nx plugin contains the core functionality of Nx like the project graph, nx commands and task orchestration. Affected versions of this package are vulnerable to Embeded Malicious Code through a malicious postinstall script that triggers a file named telemetry.js. A...
Embeded Malicious Code
Overview @nx/workspace is an AI-first build platform that connects everything from your editor to CI. Helping you deliver fast, without breaking things. Affected versions of this package are vulnerable to Embeded Malicious Code through a malicious postinstall script that triggers a file named...
Embeded Malicious Code
Overview @nx/key is a part of the Nx Powerpack extensions for Nx. This plugin provides the ability to activate and read licenses for Nx Powerpack Affected versions of this package are vulnerable to Embeded Malicious Code through a malicious postinstall script that triggers a file named...
Malicious code in used-first-in-postinstall-script-dotslashed (npm)
The package used-first-in-postinstall-script-dotslashed was found to contain malicious code...
MAL-2025-37964 Malicious code in used-first-in-postinstall-script-dotslashed (npm)
The package used-first-in-postinstall-script-dotslashed was found to contain malicious code...
MAL-2025-6829 Malicious code in tensorflowjs (npm)
Package is malicious due to code obfuscation, arbitrary command execution via childprocess.spawn, and suspicious postinstall script. --- -= Per source details. Do not edit below this line.=-...
AI-Generated Malicious npm Package Drains Solana Funds from 1,500+ Before Takedown
Cybersecurity researchers have flagged a malicious npm package that was generated using artificial intelligence AI and concealed a cryptocurrency wallet drainer. The package, @kodane/patch-manager, claims to offer "advanced license validation and registry optimization utilities for high-performan...
Malicious code in udn_extras (npm)
The package is a malware because it contains a postinstall script that executes index.js. The index.js script gathers sensitive information such as hostname, platform, username, IP address, and environment variables and sends it to an external server webhook.site via an HTTPS POST request. This...
MAL-2025-6387 Malicious code in udn_extras (npm)
The package is a malware because it contains a postinstall script that executes index.js. The index.js script gathers sensitive information such as hostname, platform, username, IP address, and environment variables and sends it to an external server webhook.site via an HTTPS POST request. This...
Embedded Malicious Package
Overview @toptal/picasso-forms is a malicious package. through the preinstall and postinstall scripts. A potentially compromised account operating in Toptal's GitHub organization exposed an AWS token, leading to the account being taken over. This allowed the attackers to expose private...
Embedded Malicious Package
Overview @toptal/picasso-tailwind is a malicious package. through the preinstall and postinstall scripts. A potentially compromised account operating in Toptal's GitHub organization exposed an AWS token, leading to the account being taken over. This allowed the attackers to expose private...
Embedded Malicious Package
Overview @toptal/picasso-utils is a malicious package. through the preinstall and postinstall scripts. A potentially compromised account operating in Toptal's GitHub organization exposed an AWS token, leading to the account being taken over. This allowed the attackers to expose private...
Embedded Malicious Package
Overview @toptal/picasso-typography is a malicious package. through the preinstall and postinstall scripts. A potentially compromised account operating in Toptal's GitHub organization exposed an AWS token, leading to the account being taken over. This allowed the attackers to expose private...
Malicious code in ts-runtime-compat-check (npm)
The npm package ts-runtime-compat-check is a malicious package that functions as a key component in a remote code execution attack chain. This package: 1. Contains a postinstall script that executes lib/install.js 2. The install script makes HTTP requests to a server specified by an environment...
Malicious code in eslint-config-airbnb-compat (npm)
The npm package eslint-config-airbnb-compat is a malicious package impersonating the legitimate Airbnb ESLint configuration. It implements a multi-stage remote code execution attack: 1. The package uses a seemingly benign postinstall script that sets up an environment variable pointing to a...
CVE-2024-13177
Netskope Client on Mac OS is impacted by a vulnerability in which the postinstall script does not properly validate the path of the file “nsinstallation”. A standard user could potentially create a symlink of the file “nsinstallation” to escalate the privileges of a different file on the system...
CVE-2024-13177 Symlink Following in Netskope Client Postinstall Script
Netskope Client on Mac OS is impacted by a vulnerability in which the postinstall script does not properly validate the path of the file “nsinstallation”. A standard user could potentially create a symlink of the file “nsinstallation” to escalate the privileges of a different file on the system...
CVE-2024-13177 Symlink Following in Netskope Client Postinstall Script
Netskope Client on Mac OS is impacted by a vulnerability in which the postinstall script does not properly validate the path of the file “nsinstallation”. A standard user could potentially create a symlink of the file “nsinstallation” to escalate the privileges of a different file on the system...