84 matches found
MAL-2026-3637 Malicious code in intercom-php (Packagist)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 0bd33abd6fda35e856f8346fda5e85913ce2cad6b4d6c315a2e7138b867760aa This package is malicious and was compromised as part of the Mini Shai-Hulud campaign by the TeamPCP threat actor. The malicious payload...
Malicious code in @ml-toolkit-ts/preprocessing (npm)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 5e1924464368f0c5816ee84e000cc47017f44045140feafbbc9e685d847ed5a5 This package was compromised as part of the "Mini Shai-Hulud is back" worm by the TeamPCP threat actor. The package will steal credentials...
Malicious code in @draftlab/auth (npm)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 5e1924464368f0c5816ee84e000cc47017f44045140feafbbc9e685d847ed5a5 This package was compromised as part of the "Mini Shai-Hulud is back" worm by the TeamPCP threat actor. The package will steal credentials...
MAL-2026-3608 Malicious code in mistralai (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 5e1924464368f0c5816ee84e000cc47017f44045140feafbbc9e685d847ed5a5 This package was compromised as part of the "Mini Shai-Hulud is back" worm by the TeamPCP threat actor. The package will steal credentials...
MAL-2026-3602 Malicious code in @ml-toolkit-ts/xgboost (npm)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 5e1924464368f0c5816ee84e000cc47017f44045140feafbbc9e685d847ed5a5 This package was compromised as part of the "Mini Shai-Hulud is back" worm by the TeamPCP threat actor. The package will steal credentials...
MAL-2026-3596 Malicious code in @draftlab/auth (npm)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 5e1924464368f0c5816ee84e000cc47017f44045140feafbbc9e685d847ed5a5 This package was compromised as part of the "Mini Shai-Hulud is back" worm by the TeamPCP threat actor. The package will steal credentials...
MAL-2026-3603 Malicious code in @tallyui/core (npm)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 5e1924464368f0c5816ee84e000cc47017f44045140feafbbc9e685d847ed5a5 This package was compromised as part of the "Mini Shai-Hulud is back" worm by the TeamPCP threat actor. The package will steal credentials...
Malicious code in @draftlab/auth-router (npm)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 5e1924464368f0c5816ee84e000cc47017f44045140feafbbc9e685d847ed5a5 This package was compromised as part of the "Mini Shai-Hulud is back" worm by the TeamPCP threat actor. The package will steal credentials...
MAL-2026-3595 Malicious code in @draftauth/core (npm)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 5e1924464368f0c5816ee84e000cc47017f44045140feafbbc9e685d847ed5a5 This package was compromised as part of the "Mini Shai-Hulud is back" worm by the TeamPCP threat actor. The package will steal credentials...
MAL-2026-3578 Malicious code in @uipath/tasks-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1924ebd0e25a511d934e9103d324a7e11db5dfad8820ff2a1f71d31ebd8eb8b8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @uipath/project-packager (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fdd50cfa0aae7619d6766f47b468fca17a04673407486d5c747f860c0c2e22b7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3566 Malicious code in @uipath/platform-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 89f494a30a8fe1637198b531a2c267ebb3aedf5d0c537afc1f12ea2186ef1d1f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @uipath/maestro-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6011a0c7aae20b028a8bdca262224d15d4c190b116cbc3d6f8dddef444ca84b3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3549 Malicious code in @uipath/insights-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ace6d378b6abec995ee4d1fc628aa32dd0771f340a17fa2e91e2659868509681 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3591 Malicious code in wot-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bd781e61a7ca728623c44a900ca22a8cc58de2b93bcd797aeebe453ee6fa4f80 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @uipath/gov-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f1528428c4478092edf22976f2f4f138666d82e58ca45ef5926c7300e27ca128 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3547 Malicious code in @uipath/gov-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f1528428c4478092edf22976f2f4f138666d82e58ca45ef5926c7300e27ca128 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @uipath/codedapp-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 82a4dcd41442fccefd9cd7692dbc1dc3e82b0fcef90097d498991d8f09e7528b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3534 Malicious code in @uipath/auth (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b81e35e62a526162bdd6479e8f80cea429ab1ea1ec96b59475750d7fb8cb32e1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @uipath/apollo-wind (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ef4195af9b94b5185e9243c35beefab6d9cf593b7b51e5de55aa5289336ff5f6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...