154 matches found
Embedded Malicious Code
Overview @basic-ui-components-stc/basic-ui-components is a starter project for building a standalone Web Component using Stencil Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secre...
Malicious code in @yoobic/jpeg-camera-es6 (npm)
Suspicious postinstall script executing bundle.js and the presence of unsignedbitwisemathexcess YARA rule match indicates malware. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 38de35c3ae3f0f156a77b94484f3774c14c293d3e37531ec74c8277fde1ad5c7 Any computer that has...
MAL-2025-47225 Malicious code in @yoobic/jpeg-camera-es6 (npm)
Suspicious postinstall script executing bundle.js and the presence of unsignedbitwisemathexcess YARA rule match indicates malware. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 38de35c3ae3f0f156a77b94484f3774c14c293d3e37531ec74c8277fde1ad5c7 Any computer that has...
Malicious code in yoo-styles (npm)
Suspicious postinstall script executing bundle.js and YARA rule unsignedbitwisemathexcess match strongly suggests malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9b064ef82c07e5538a3269d44de4c6750b224f665f808a5099715143c8be21e4 Any computer that h...
MAL-2025-47230 Malicious code in yoo-styles (npm)
Suspicious postinstall script executing bundle.js and YARA rule unsignedbitwisemathexcess match strongly suggests malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9b064ef82c07e5538a3269d44de4c6750b224f665f808a5099715143c8be21e4 Any computer that h...
MAL-2025-47220 Malicious code in @operato/styles (npm)
Suspicious postinstall script executing bundle.js and unsignedbitwisemathexcess YARA rule match indicates malicious behavior. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f85f761f5ad599532a97a4c4c64bea4910004e56178cd4081fefb3b113ed8d6d Any computer that has this...
MAL-2025-47224 Malicious code in @things-factory/integration-marketplace (npm)
Suspicious postinstall script executing bundle.js and YARA rule match on bundle.js suggests malicious behavior. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 707cb5e2a466e8a099c5ffaaf71fd576d658e67702737dd3dfef8dc62127aa8f Any computer that has this package...
MAL-2025-47223 Malicious code in @things-factory/integration-base (npm)
Suspicious postinstall script executing bundle.js, which contains excessive unsigned bitwise math, indicating potential malicious behavior. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f6b2496d9a593750ea26a4cea41022e9b78c9bae1ac1b398aa506868e90e794e Any computer...
MAL-2025-47219 Malicious code in @operato/headroom (npm)
Suspicious postinstall script executing bundle.js and YARA rule match unsignedbitwisemathexcess indicate malicious behavior. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 71e970ada08943ee1043ac40c48714a5f5c29ae9c3c5d925c6dbfff9bcc47719 Any computer that has this...
Malicious code in @operato/headroom (npm)
Suspicious postinstall script executing bundle.js and YARA rule match unsignedbitwisemathexcess indicate malicious behavior. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 71e970ada08943ee1043ac40c48714a5f5c29ae9c3c5d925c6dbfff9bcc47719 Any computer that has this...
Malicious code in @things-factory/env (npm)
Suspicious postinstall script executing bundle.js and YARA rule match on bundle.js indicate potential malicious behavior. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 88b8463d9fb16ac5faed1cd122997c683cc79534786bcf816139cefc13897168 Any computer that has this...
MAL-2025-47227 Malicious code in eslint-config-crowdstrike-node (npm)
Suspicious postinstall script executing bundle.js with excessive bitwise math indicates malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 40d780d93001ede85edbf1e9b83f884f84ab20fc210cd34a95b114599c01387a Any computer that has this package installed ...
MAL-2025-47218 Malicious code in @crowdstrike/logscale-parser-edit (npm)
Suspicious postinstall script executing bundle.js and bundle.js contains excessive unsigned bitwise math, indicating potential malware. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ff5e2fca0afc744f9b2cec20ddf740574c42864336447119ed7715555896bde9 Any computer that...
MAL-2025-47217 Malicious code in @crowdstrike/logscale-file-editor (npm)
Suspicious postinstall script executing bundle.js and YARA rule match for excessive bitwise math indicate likely malicious behavior. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1c0f2b92ed507c0c5be3665db16bf307e19440b594539d07854669c027545b6c Any computer that ha...
Malicious code in @crowdstrike/logscale-file-editor (npm)
Suspicious postinstall script executing bundle.js and YARA rule match for excessive bitwise math indicate likely malicious behavior. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1c0f2b92ed507c0c5be3665db16bf307e19440b594539d07854669c027545b6c Any computer that ha...
Self-Replicating Worm Hits 180+ npm Packages to Steal Credentials in Latest Supply Chain Attack
Cybersecurity researchers have flagged a fresh software supply chain attack targeting the npm registry that has affected more than 40 packages that belong to multiple maintainers. "The compromised versions include a function NpmModule.updatePackage that downloads a package tarball, modifies...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...