4 matches found
EUVD-2025-29241
Malicious code in bioql PyPI...
GHSA-53MQ-F4W3-F7QV [email protected] contains malware after npm account takeover
Impact On 8 September 2025, the npm publishing account for backslash was taken over after a phishing attack. Version 0.2.1 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker's own...
CVE-2025-59331 [email protected] contains malware after npm account takeover
is-arrayish checks if an object can be used like an Array. On 8 September 2025, an npm publishing account for is-arrayish was taken over after a phishing attack. Version 0.3.3 was published, functionally identical to the previous patch version, but with a malware payload added attempting to...
PT-2025-24083 · Idf +1 · Idf +1
Name of the Vulnerable Software and Affected Versions: IDF versions 0.10.0-0C03-03 ZLF versions 0.10.0-0C03-04 Description: The issue allows an attacker to store malicious payload in software that will run in the victim's browser. Exploiting this requires authenticating to the device and executin...