6 matches found
EUVD-2025-29227
Malicious code in bioql PyPI...
GHSA-5FVM-P68V-5WMH color-name@2.0.1 contains malware after npm account takeover
Impact On 8 September 2025, an npm publishing account for color-name was taken over after a phishing attack. Version 2.0.1 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker's own...
color-name@2.0.1 contains malware after npm account takeover
Impact On 8 September 2025, an npm publishing account for color-name was taken over after a phishing attack. Version 2.0.1 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker's own...
GHSA-9G9J-RGGX-7FMG simple-swizzle@0.2.3 contains malware after npm account takeover
Impact On 8 September 2025, the npm publishing account for simple-swizzle was taken over after a phishing attack. Version 0.2.3 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker'...
CVE-2025-59141 simple-swizzle@0.2.3 contains malware after npm account takeover
simple-swizzle swizzles function arguments. On 8 September 2025, the npm publishing account for simple-swizzle was taken over after a phishing attack. Version 0.2.3 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect...
CVE-2025-59140
The CVE-2025-59140 issue concerns the backslash npm package. A phishing attack compromised the package owner’s account on 8 September 2025 and published v0.2.1, which added a malware payload targeting cryptocurrency transactions in browser contexts (e.g., MetaMask), while local/server/CLI en...