8 matches found
[email protected] contains malware after npm account takeover
Impact On 8 September 2025, the npm publishing account for backslash was taken over after a phishing attack. Version 0.2.1 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker's own...
Embedded Malicious Code
Overview backslash is a parse string escapes \n, \r, etc. Affected versions of this package are vulnerable to Embedded Malicious Code. This package version contains malicious code that monitors network traffic when run in a browser and targets crypto transactions. The injected malicious code...
CVE-2025-59140
The CVE-2025-59140 issue concerns the backslash npm package. A phishing-attack comp compromised the package owner’s account on 8 September 2025 and published v0.2.1, which added a malware payload targeting cryptocurrency transactions in browser contexts (e.g., MetaMask), while local/server/CLI en...
CVE-2025-59140 [email protected] contains malware after npm account takeover
backlash parses collected strings with escapes. On 8 September 2025, the npm publishing account for backslash was taken over after a phishing attack. Version 0.2.1 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect...
CVE-2025-59140 [email protected] contains malware after npm account takeover
backlash parses collected strings with escapes. On 8 September 2025, the npm publishing account for backslash was taken over after a phishing attack. Version 0.2.1 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect...
Malicious code in backslash (npm)
The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6e028d39ee4bd2bd3a487f4ad116e77bf1582cc08b41fb26fb56f8f83049f90f Any computer that has this package installed or running should be considered fully compromised. All...
MAL-2025-46968 Malicious code in backslash (npm)
The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6e028d39ee4bd2bd3a487f4ad116e77bf1582cc08b41fb26fb56f8f83049f90f Any computer that has this package installed or running should be considered fully compromised. All...
Embedded Malicious Code
Overview backslash is a parse string escapes \n, \r, etc. Affected versions of this package are vulnerable to Embedded Malicious Code. This package version contains malicious code that monitors network traffic when run in a browser and targets crypto transactions. The injected malicious code...