1121 matches found
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code and was identified as part of the PolinRider supply chain campaign, linked to North Korean threat actors associated with the Contagious Interview/Famous Chollima activity...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code and was identified as part of the PolinRider supply chain campaign, linked to North Korean threat actors associated with the Contagious Interview/Famous Chollima activity...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code and was identified as part of the PolinRider supply chain campaign, linked to North Korean threat actors associated with the Contagious Interview/Famous Chollima activity...
Malicious code in yt-api-dlp (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d4710e1aa4fe025aaed51f4958f3b514a6cb950b40069f424c7a5d9a2f85591c Package name yt-api-dlp is a single-token insertion away from the widely-used yt-dlp package, and the tarball contains a near-verbatim copy of the...
MAL-2026-6754 Malicious code in yt-api-dlp (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d4710e1aa4fe025aaed51f4958f3b514a6cb950b40069f424c7a5d9a2f85591c Package name yt-api-dlp is a single-token insertion away from the widely-used yt-dlp package, and the tarball contains a near-verbatim copy of the...
Hijacked npm and Go Packages Use VS Code Tasks to Deploy Python Infostealer
Cybersecurity researchers have uncovered two hijacked npm packages and a cluster of Go packages that are designed to deploy a Python-based information stealer on compromised Windows, Linux, and macOS hosts. "This attack avoids the most common npm execution paths through lifecycle scripts, perhaps...
Miasma Malware Targets npm Packages and GitHub Actions in Supply Chain Attack
Cybersecurity researchers have flagged yet another evolution of the supply chain attack linked to the Mini Shai-Hulud, Miasma, and Hades malware family that has compromised a new set of npm packages, even as it has propagated to the Go ecosystem. "The latest activity includes malicious npm releas...
MAL-2026-6472 Malicious code in tailwindcss-effector (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4780f88b1924c1d5104a4ea18803a0180e9339e5c9a9bf787f9ed4901e1729e3 src/index.js appends a heavily obfuscated async IIFE after a legitimate-looking TailwindCSS plugin. On import, the IIFE issues HTTPS requests to remo...
CVE-2026-46540
Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, when LightBlockchain::rebranch adopts a fork chain whose tip is a macro block checkpoint or election, it only updates self.head but fails to update self.macrohea...
MAL-2026-5557 Malicious code in janus-ft (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8d7caaba8f20d0f04bcb79ab4046d34bea20b858ed3fc37931c76109b366835f On npm install, the package's postinstall.js script harvests installer-side secrets and ships them to a hardcoded bare-IP C2 endpoint. Specifically, ...
Malicious code in janus-ft (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8d7caaba8f20d0f04bcb79ab4046d34bea20b858ed3fc37931c76109b366835f On npm install, the package's postinstall.js script harvests installer-side secrets and ships them to a hardcoded bare-IP C2 endpoint. Specifically, ...
CVE-2026-46543
CVE-2026-46543 (Nimiq blockchain) affects the Rust implementation
CVE-2026-46543 nimiq-blockchain: Genesis batch set request
Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.5.0, a remote peer can crash any full node by sending a RequestBatchSet message containing the genesis block's hash. The handler calls getepochchunks which iterates...
EUVD-2026-35882
Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, iIn handledhtget, the DhtResults accumulator is only initialized when the first DHT record passes verification. If the first record fails from a malicious DHT...
CVE-2026-46540 Nimiq light-blockchain: Light blockchain rebranch issue
Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, when LightBlockchain::rebranch adopts a fork chain whose tip is a macro block checkpoint or election, it only updates self.head but fails to update self.macrohea...
CVE-2026-46540 Nimiq light-blockchain: Light blockchain rebranch issue
Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, when LightBlockchain::rebranch adopts a fork chain whose tip is a macro block checkpoint or election, it only updates self.head but fails to update self.macrohea...
CVE-2026-46540
Nimiq light-blockchain (Rust, Albatross) had a bug in LightBlockchain::rebranch() before v1.4.0: when forking to a macro-block tip (checkpoint or election), it updated only head and did not refresh macro_head, election_head, current_validators, or store the election header. This mismatch with the...
Malicious code in blockchain-helper-0 (npm)
Note: This report is updated by a verification record Crypto/SSH/wallet stealer self-labeled "CRYPTO STEALER". postinstall scripts/postinstall.js auto-execs, src/index.js harvests /.ssh/idrsa + wallet keys/seeds + env and exfils to hardcoded Telegram bot...
MAL-2026-5352 Malicious code in blockchain-helper-0 (npm)
Note: This report is updated by a verification record Crypto/SSH/wallet stealer self-labeled "CRYPTO STEALER". postinstall scripts/postinstall.js auto-execs, src/index.js harvests /.ssh/idrsa + wallet keys/seeds + env and exfils to hardcoded Telegram bot...
CVE-2026-34066
nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. Prior to version 1.3.0, HistoryStore::puthistorictxns uses an assert! to enforce invariants about HistoricTransaction.blocknumber must be within the macro block being pushed and within the same epoch. During histo...