7788 matches found
Malicious code in svgson-lite (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ceb1026a96918a3f4ed4c7c4f0aa75411c3869f1ad14405174e396b4e67907d2 index.js exports an undocumented getPlugin function which, when invoked, performs an HTTP GET to https://shorturl.at/147uq, JSON-parses the response...
MAL-2026-6707 Malicious code in svgson-lite (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ceb1026a96918a3f4ed4c7c4f0aa75411c3869f1ad14405174e396b4e67907d2 index.js exports an undocumented getPlugin function which, when invoked, performs an HTTP GET to https://shorturl.at/147uq, JSON-parses the response...
Malicious code in ts-ankle (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1695e2ffa9252abe1053fc13895a071bd87cb27eb009eeb2262aae1a27da4ea5 On npm install, [email protected] runs a postinstall hook node test.js that executes two hostile flows against the installer's machine without user...
MAL-2026-6548 Malicious code in ts-ankle (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1695e2ffa9252abe1053fc13895a071bd87cb27eb009eeb2262aae1a27da4ea5 On npm install, [email protected] runs a postinstall hook node test.js that executes two hostile flows against the installer's machine without user...
CVE-2026-54833
Unauthenticated Backdoor in Enable CORS = 2.0.3 versions...
CVE-2026-54833 WordPress Enable CORS plugin <= 2.0.3 - Backdoor vulnerability
Unauthenticated Backdoor in Enable CORS = 2.0.3 versions...
EUVD-2026-39677
Unauthenticated Backdoor in Enable CORS = 2.0.3 versions...
CVE-2026-54833
CVE-2026-54833 concerns the WordPress Enable CORS plugin
MAL-2026-6524 Malicious code in ts-einkle (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fa992a8f9afcf95d3c0e35b6abc290ff565b450663f6d43511467cd370eefce8 [email protected] ships a comprehensive installer-side stealer in its main module peer-math.js. On require, syncSession runs a chain packProjectBundle,...
Malicious code in inlifegram (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3975a0998bf76dddc25f0138b1d4b408bb06304b3203dc1e62e0110b2b56425f InLifeGram distributes a modified copy of the pyrogram Telegram client library and installs it into the top-level pyrogram import namespace, so impor...
MAL-2026-6516 Malicious code in inlifegram (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3975a0998bf76dddc25f0138b1d4b408bb06304b3203dc1e62e0110b2b56425f InLifeGram distributes a modified copy of the pyrogram Telegram client library and installs it into the top-level pyrogram import namespace, so impor...
Google Details Turla's New STOCKSTAY Backdoor Used in Ukraine Espionage Attacks
The Russian state-sponsored threat actor known as Turla has been attributed to a previously undocumented .NET backdoor called STOCKSTAY that has been deployed against government and military organizations in Ukraine, and entities that have an interest in Italian foreign policy. Describing the...
Malicious code in ref-slot (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1e1ef3e785cf6cb007c0b33be2ed43ebe49d64f476bb4fb3a66b914b06def5e1 On npm install, the package's postinstall hook runs node test.js which invokes index.js to perform multi-stage installer compromise. 1 Credential...
MAL-2026-6474 Malicious code in ref-slot (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1e1ef3e785cf6cb007c0b33be2ed43ebe49d64f476bb4fb3a66b914b06def5e1 On npm install, the package's postinstall hook runs node test.js which invokes index.js to perform multi-stage installer compromise. 1 Credential...
Malicious code in tokenization-util (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 81f8a194aa79844110dede95f5f8c798d05c04c08f1a4f5d8822124b17c65fa6 The package advertises plain math/formatter helpers but index.js contains a heavily obfuscated payload concealed inside the calculateTokenPrice...
CVE-2026-10735 ShapedPlugin Multiple Pro Plugins - Backdoor via Compromised Vendor Update Server
Multiple Shapedsmart-post-show-pro WordPress plugin before 4.0.2, Real Testimonials Pro WordPress plugin before 3.2.5, Product Slider for WooCommerce Pro WordPress plugin before 3.5.3 Pro smart-post-show-pro WordPress plugin before 4.0.2, Real Testimonials Pro WordPress plugin before 3.2.5, Produ...
Malicious code in hashd-edu (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0f8480ae1ab46f8b6f61848c271af2819d88644df8d8f36b04b458103c5d5454 The package ships a full remote-shell backdoor that fires both at install time and at module load time. postinstall.js forks itself as a detached...
MAL-2026-6302 Malicious code in hashd-edu (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0f8480ae1ab46f8b6f61848c271af2819d88644df8d8f36b04b458103c5d5454 The package ships a full remote-shell backdoor that fires both at install time and at module load time. postinstall.js forks itself as a detached...
MAL-2026-6276 Malicious code in node-core-libs (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d33f74e3f73fd5580ecf994b7db0349ee540754d65d4467b8b04b8c79e3d257b scripts/postinstall.js runs automatically on npm install Windows only and behaves as a classic install-time dropper. It XOR-decodes key 0x5A a...
MAL-2026-6279 Malicious code in forge-jsx4 (npm)
forge-jsx4 is a remote access trojan RAT published to the public npm registry by the account rafaelsilva [email protected]. Versions 1.0.122 and 1.0.123 were published on June 21-22, 2026 as a reconstitution of the forge-jsx / forge-jsxy campaign, reusing the same command-and-control...