3 matches found
Shai-Hulud 2.0 Supply Chain Attack: 25K+ Repos Exposing Secrets
Detect and mitigate malicious npm packages linked to the recent Shai-Hulud-style campaign. Over 25,000 affected repositories across 350 unique users...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...
CVE-2025-49013
CVE-2025-49013 describes a code-injection vulnerability in WilderForge GitHub Actions workflows caused by unsafe use of user-controlled variables (notably ${{ github.event.review.body }}) inside shell script contexts. The issue affects WilderForge/WilderForge, WilderForge/ExampleMod, WilderForge/...