Malicious code in @antv/g-plugin-canvaskit-renderer (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

Malicious code in websocket-cliennt (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx ce81626c97864e772e307901ca4c296db0ea985a4296d6d5c910615cc6b94efa Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

Malicious code in frreqtrade (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx c6634da106be1a5e6fbc9f381d92ba14243730eca4285e2923b5ea6843b65bd6 Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...