24 matches found
EUVD-2025-29260
Malicious code in bioql PyPI...
EUVD-2025-29225
Malicious code in bioql PyPI...
CVE-2025-59142
color-string is a parser and generator for CSS color strings. On 8 September 2025, the npm publishing account for color-string was taken over after a phishing attack. Version 2.1.1 was published, functionally identical to the previous patch version, but with a malware payload added attempting to...
CVE-2025-59143
color is a JavaScript color conversion and manipulation library. On 8 September 2025, the npm publishing account for color was taken over after a phishing attack. Version 5.0.1 was published, functionally identical to the previous patch version, but with a malware payload added attempting to...
error-ex@1.3.3 contains malware after npm account takeover
Impact: On 8 September 2025, an npm publishing account for error-ex was taken over after a phishing attack. Version 1.3.3 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker's own...
CVE-2025-59330
error-ex allows error subclassing and stack customization. On 8 September 2025, an npm publishing account for error-ex was taken over after a phishing attack. Version 1.3.3 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect...
CVE-2025-59140
backslash parses collected strings with escapes. On 8 September 2025, the npm publishing account for backslash was taken over after a phishing attack. Version 0.2.1 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect...
CVE-2025-59142 color-string@2.1.1 contains malware after npm account takeover
color-string is a parser and generator for CSS color strings. On 8 September 2025, the npm publishing account for color-string was taken over after a phishing attack. Version 2.1.1 was published, functionally identical to the previous patch version, but with a malware payload added attempting to...
CVE-2025-59144 debug@4.4.2 contains malware after npm account takeover
debug is a JavaScript debugging utility. On 8 September 2025, the npm publishing account for debug was taken over after a phishing attack. Version 4.4.2 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency...
CVE-2025-59143
Summary (CVE-2025-59143): The issue affects the npm package color (color@5.0.1). An account takeover via phishing allowed an attacker to publish a malicious patch that inserts a payload in the browser context to redirect cryptocurrency transactions to attacker-owned addresses (e.g., wallets like...
color security vulnerability
color is a JavaScript manipulation library by individual developer Josh Junon. A security vulnerability exists in color version 5.0.1 that stems from a phishing attack resulting in an account takeover, where malware may redirect cryptocurrency transactions in the browser environment...
Account Takeover
debug is vulnerable to Account Takeover. The vulnerability is due to a compromised npm publishing account, which allowed an attacker to publish a malicious patch version 4.4.2 that injects browser-side malware, enabling redirection of cryptocurrency transactions e.g., MetaMask to...
Embedded Malicious Code
Overview: Affected versions of this package are vulnerable to Embedded Malicious Code. This package version contains malicious code that monitors network traffic when run in a browser and targets crypto transactions. The injected malicious code activates a hook whenever a Web3 wallet is present...
PT-2025-37745
Name of the Vulnerable Software and Affected Versions: color versions 5.0.1 Description: The npm publishing account for color was taken over following a phishing attack. Version 5.0.1 was published with a malware payload designed to redirect cryptocurrency transactions from within browser...
PT-2025-37743
Name of the Vulnerable Software and Affected Versions: simple-swizzle version 0.2.3 simple-swizzle versions prior to 0.2.4 Description: The npm publishing account for simple-swizzle was compromised following a phishing attack. Version 0.2.3 was published with a malware payload designed to redirec...
PT-2025-37746
Name of the Vulnerable Software and Affected Versions: debug versions 4.4.2 Description: The npm publishing account for debug was compromised following a phishing attack on September 8, 2025. Version 4.4.2 was published with a malicious payload designed to redirect cryptocurrency transactions withi...
PT-2025-37749
Name of the Vulnerable Software and Affected Versions: is-arrayish versions prior to 0.3.4 Description: The is-arrayish package was compromised through a phishing attack on an npm publishing account. Version 0.3.3 was published with a malware payload designed to redirect cryptocurrency transactio...
CVE-2024-25091
Protection mechanism failure issue exists in RevoWorks SCVX prior to scvimage4.10.211013 when using 'VirusChecker' or 'ThreatChecker' feature and RevoWorks Browser prior to 2.2.95 when using 'VirusChecker' or 'ThreatChecker' feature. If data containing malware is saved in a specific file format...