The New Phishing Click: How OAuth Consent Bypasses MFA
In February 2026, a phishing-as-a-service (PhaaS) platform called EvilTokens went live. Within five weeks, it had compromised more than 340 Microsoft 365 organizations across five countries. The targets of the platform received a message asking them to enter a short code at microsoft.com/devicelogi...
Malicious code in @antv/g-plugin-canvas-path-generator (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
MAL-2026-4051 Malicious code in @antv/l7-source (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
MAL-2026-3855 Malicious code in @antv/awards (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
MAL-2026-3873 Malicious code in @antv/dom-util (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
MAL-2026-4011 Malicious code in @antv/gi-cli (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
MAL-2026-4111 Malicious code in @antv/x6-plugin-transform (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Embedded Malicious Code
Overview: Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
Embedded Malicious Code
Overview: Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...
Embedded Malicious Code
Overview: Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...
MAL-2025-191470 Malicious code in org.mvnpm:posthog-node (Maven)
Source: google-open-source-security. This package was compromised by the Sha1-Hulud: The Second Coming NPM worm. The malicious payload steals tokens and credentials and...
Malicious code in @oku-ui/hover-card (npm)
Source: amazon-inspector. The package @oku-ui/hover-card was found to contain malicious code. Source: google-open-source-security...
Malicious code in @afetcan/api (npm)
Source: amazon-inspector. The package @afetcan/api was found to contain malicious code. Source: google-open-source-security...
Malicious code in @dev-blinq/cucumber-js (npm)
Source: amazon-inspector. The package @dev-blinq/cucumber-js was found to contain malicious code. Source: ghsa-malware...
Malicious code in @voiceflow/stylelint-config (npm)
Source: amazon-inspector. The package @voiceflow/stylelint-config was found to contain malicious code. Source: ghsa-malware...
Malicious code in @oku-ui/menu (npm)
Source: amazon-inspector. The package @oku-ui/menu was found to contain malicious code. Source: google-open-source-security...
Malicious code in @voiceflow/nestjs-common (npm)
Source: amazon-inspector. The package @voiceflow/nestjs-common was found to contain malicious code. Source: ghsa-malware...
Malicious code in prompt-eng-server (npm)
Source: amazon-inspector. The package prompt-eng-server was found to contain malicious code. Source: google-open-source-security...
Malicious code in @oku-ui/presence (npm)
Source: amazon-inspector. The package @oku-ui/presence was found to contain malicious code. Source: google-open-source-security...
Malicious code in @voiceflow/nestjs-timeout (npm)
Source: amazon-inspector. The package @voiceflow/nestjs-timeout was found to contain malicious code. Source: ghsa-malware...