260 matches found
MAL-2025-34658 Malicious code in tehryanx-preinstall-script (npm)
The package tehryanx-preinstall-script was found to contain malicious code...
Embedded Malicious Package
Overview @toptal/picasso-utils is a malicious package. through the preinstall and postinstall scripts. A potentially compromised account operating in Toptal's GitHub organization exposed an AWS token, leading to the account being taken over. This allowed the attackers to expose private...
Embedded Malicious Package
Overview @toptal/picasso-typography is a malicious package. through the preinstall and postinstall scripts. A potentially compromised account operating in Toptal's GitHub organization exposed an AWS token, leading to the account being taken over. This allowed the attackers to expose private...
Embedded Malicious Package
Overview @toptal/picasso-forms is a malicious package. through the preinstall and postinstall scripts. A potentially compromised account operating in Toptal's GitHub organization exposed an AWS token, leading to the account being taken over. This allowed the attackers to expose private...
Embedded Malicious Package
Overview @toptal/picasso-tailwind is a malicious package. through the preinstall and postinstall scripts. A potentially compromised account operating in Toptal's GitHub organization exposed an AWS token, leading to the account being taken over. This allowed the attackers to expose private...
Malicious code in natel-plotly-panel (npm)
The package contains suspicious preinstall, preupdate, and test scripts in package.json that download and execute code from a remote server (oastify.com). This allows for arbitrary code execution and exfiltration of sensitive information (username, path, hostname) during installation, update, and...
Malicious code in aog-checker (npm)
Malicious package due to data exfiltration via HTTPS and DNS, and a suspicious preinstall script executing code before installation. Source: ghsa-malware 7348f881da3fd51ab1de0082ff6538b4c7882dd76eb460e2f64cac368fadd7c7 Any computer that ha...
Malicious code in eslint-plugin-panel-ops (npm)
Malware: Executes code on install, exfiltrates data via DNS to a suspicious domain. Contains a preinstall script and phone-home behavior. Source: ghsa-malware bc1ea7508e63005e73356cfdb457f0050ebb7ae1f04cb319592c30a140c4e2f2 Any computer th...
Malicious code in zztest82 (npm)
This package runs commands in a pre-install script that exfiltrates sensitive data to an attacker-controlled domain. Source: ghsa-malware 632d9a2711114ce930c19d98e24aab1daa8d6d2a81f71ef0025260b16442acec Any computer that has this package install...
Malicious code in zztest890 (npm)
This package runs commands in a pre-install script that exfiltrates sensitive data to an attacker-controlled domain. Source: ghsa-malware 4f0bfcc0f336c7ee2a414f1d146dc59634be795c3a17855e4f9f62d26c58958e Any computer that has this package install...
Malicious code in yxt-factor (npm)
This package runs commands in a pre-install script that exfiltrates sensitive data to an attacker-controlled domain...
Malicious code in testing098765 (npm)
This package runs commands in a pre-install script that exfiltrates sensitive data to an attacker-controlled domain...
Malicious code in dracoon (npm)
This package runs commands in a pre-install script that exfiltrates sensitive data to an attacker-controlled domain...
Malicious code in archon6 (npm)
This package runs commands in a pre-install script that exfiltrates sensitive data to an attacker-controlled domain. Source: ghsa-malware 9926eff92492428efb3018691093b936b8924920a886240875a09cec72235ead Any computer that has this package install...
Malicious code in my-archon (npm)
This package runs commands in a pre-install script that exfiltrates sensitive data to an attacker-controlled domain. Source: ghsa-malware 8c7bbe8cfdc04ced4b0dff759d1be7c1edfc86383d562400758b12247002608f Any computer that has this package install...
Malicious code in app_custom_pinterest (npm)
This package runs commands in a pre-install script that exfiltrates sensitive data to an attacker-controlled domain. Source: ghsa-malware b6eda30e8662c93eff9aaf1eab0b5e8b94ded5b54ef5e06511df7f16fe714aa9 Any computer that has this package install...
Malicious code in bm_pinterest (npm)
This package runs commands in a pre-install script that exfiltrates sensitive data to an attacker-controlled domain. Source: ghsa-malware db53ad3a5da691f044a5de461b6045524d00aa3877c21a780694c922ede4c76a Any computer that has this package install...
Malicious code in biconomy-test (npm)
This package runs commands in a pre-install script that exfiltrates sensitive data to an attacker-controlled domain. Source: ghsa-malware dc0a0f2ab0beead5e42fd0146fb90778a0a15b54ffa2b9b65db7fb0612c31d5d Any computer that has this package install...
Malicious code in deepcoin-main (npm)
This package runs commands in a pre-install script that exfiltrates sensitive data to an attacker-controlled domain. Source: ghsa-malware f03ef4f8a77536dbc09bc7dc855b7b176153e3f037ea6eedf02d2ec74f9cbed9 Any computer that has this package install...
Malicious code in bitflyer-test (npm)
This package runs commands in a pre-install script that exfiltrates sensitive data to an attacker-controlled domain. Source: ghsa-malware 27adcc158506e8b712215cdcbdcc32ff31565b573c09436ba3a95c2a89710fe3 Any computer that has this package install...