2117 matches found
MAL-2025-47221 Malicious code in @things-factory/email-base (npm)
Suspicious postinstall script executes bundle.js which contains code flagged by YARA rule unsignedbitwisemathexcess, indicating malware. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6cdc3773013abc63a59090ab3b457bc1e047f7a294edd5f35e6ce43840fc0520 Any computer tha...
Malicious code in eslint-config-crowdstrike (npm)
Suspicious postinstall script executing bundle.js combined with unsignedbitwisemathexcess YARA rule match indicates potential malware. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d5700b3786b16cd76be2c86bc19af1fd76ac0dbfa6bb16f29e3837fc94598b75 Any computer that...
MAL-2025-47226 Malicious code in eslint-config-crowdstrike (npm)
Suspicious postinstall script executing bundle.js combined with unsignedbitwisemathexcess YARA rule match indicates potential malware. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d5700b3786b16cd76be2c86bc19af1fd76ac0dbfa6bb16f29e3837fc94598b75 Any computer that...
Malicious code in @crowdstrike/logscale-parser-edit (npm)
Suspicious postinstall script executing bundle.js and bundle.js contains excessive unsigned bitwise math, indicating potential malware. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ff5e2fca0afc744f9b2cec20ddf740574c42864336447119ed7715555896bde9 Any computer that...
Malicious code in @crowdstrike/logscale-dashboard (npm)
Suspicious postinstall script executing bundle.js and unsignedbitwisemathexcess YARA rule match indicate malicious behavior. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9f7539ca83a2878a7b5b892aaa154843f462994bef40d9d14698dd04a2f0ffee Any computer that has this...
Malicious code in @crowdstrike/falcon-shoelace (npm)
postinstall script executes bundle.js. bundle.js triggers unsignedbitwisemathexcess YARA rule. Suspicious behavior indicates malware. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 035c35169c1f3c6c939e3237ce0bb606645b05601db61892b5d54cbeea095b57 Any computer that h...
MAL-2025-47215 Malicious code in @crowdstrike/falcon-shoelace (npm)
postinstall script executes bundle.js. bundle.js triggers unsignedbitwisemathexcess YARA rule. Suspicious behavior indicates malware. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 035c35169c1f3c6c939e3237ce0bb606645b05601db61892b5d54cbeea095b57 Any computer that h...
[email protected] contains malware after npm account takeover
Impact On 8 September 2025, an npm publishing account for color-name was taken over after a phishing attack. Version 2.0.1 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker's own...
GHSA-5FVM-P68V-5WMH [email protected] contains malware after npm account takeover
Impact On 8 September 2025, an npm publishing account for color-name was taken over after a phishing attack. Version 2.0.1 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker's own...
GHSA-9G9J-RGGX-7FMG [email protected] contains malware after npm account takeover
Impact On 8 September 2025, the npm publishing account for simple-swizzle was taken over after a phishing attack. Version 0.2.3 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker'...
CVE-2025-59141
simple-swizzle swizzles function arguments. On 8 September 2025, the npm publishing account for simple-swizzle was taken over after a phishing attack. Version 0.2.3 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect...
CVE-2025-59141 [email protected] contains malware after npm account takeover
simple-swizzle swizzles function arguments. On 8 September 2025, the npm publishing account for simple-swizzle was taken over after a phishing attack. Version 0.2.3 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect...
CVE-2025-59140
The CVE-2025-59140 issue concerns the backslash npm package. A phishing-attack comp compromised the package owner’s account on 8 September 2025 and published v0.2.1, which added a malware payload targeting cryptocurrency transactions in browser contexts (e.g., MetaMask), while local/server/CLI en...
Embedded Malicious Code
Overview ng2-file-upload is an Angular file uploader Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a postinstall script called bundle.js that exfiltrates secrets from the affected user's accounts. These versions have been...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...