Malicious code in python-bittensor-config-v2 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 6f2ecdbc9e024d6dc51c8e5d48941c5aac432db65ad733317aed159d480973cd During installation or import, package silently adds a new authorized SSH key. It's closely related to the 2026-05-ninja-core-utils campaign, but there is no...

MAL-2026-2911 Malicious code in terminal-formatter (npm)

terminal-formatter is a malicious npm package that when installed postinstall-hook or imported sends local env variables, files and bash history to https://ghostraper.top and registers a new ssh key in .ssh/authorizedkeys. --- -= Per source details. Do not edit below this line.=- Source:...