Lucene search
K

1026 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/22 11:58 p.m.13 views

Malicious code in chai-as-repaired (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 949b90bd3c157955d029f9ea08bc32aea893e452c4ded78df98b80c1b831be76 Package name 'chai-as-repaired' is a 1-edit typosquat of the popular 'chai-as-promised' chai plugin 1M weekly downloads. The published code is...

5.9AI score
Exploits0References3
OSV
OSV
added 2026/05/22 2:23 p.m.13 views

MAL-2026-4345 Malicious code in eo-terminal (npm)

Part of a multi-package malicious campaign by npm author toskypi, eo-terminal is a fully-featured infostealer and remote access trojan RAT disguised as "terminal changelog logger utilities." The package README describes a completely different package terminal-logger-utils, indicating a...

6AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/22 10:21 a.m.18 views

Malicious code in logger-draft (npm)

Part of a multi-package malicious campaign by npm author toskypi, logger-draft is a companion package to eo-terminal in the same infostealer and remote access trojan RAT campaign. Both packages share the same actor, C2 infrastructure, and attack pattern, and are distributed together under a...

6AI score
Exploits0References4
OSV
OSV
added 2026/05/21 12:0 a.m.38 views

MAL-2026-4209 Malicious code in polymarket-ai-agent (npm)

A coordinated supply-chain attack comprising 9 npm packages published by maintainer polymarketdev GitHub actor texsellix, repo texsellix/polymarket-trading-bot within a 2-minute window on 2026-05-20T23:30Z–23:32Z. All packages masquerade as legitimate Polymarket CLOB trading tools while...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/21 12:0 a.m.12 views

Malicious code in polymarket-auto-trade (npm)

A coordinated supply-chain attack comprising 9 npm packages published by maintainer polymarketdev GitHub actor texsellix, repo texsellix/polymarket-trading-bot within a 2-minute window on 2026-05-20T23:30Z–23:32Z. All packages masquerade as legitimate Polymarket CLOB trading tools while...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/21 12:0 a.m.23 views

MAL-2026-4212 Malicious code in polymarket-claude-code (npm)

A coordinated supply-chain attack comprising 9 npm packages published by maintainer polymarketdev GitHub actor texsellix, repo texsellix/polymarket-trading-bot within a 2-minute window on 2026-05-20T23:30Z–23:32Z. All packages masquerade as legitimate Polymarket CLOB trading tools while...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/21 12:0 a.m.14 views

Malicious code in polymarket-terminal (npm)

A coordinated supply-chain attack comprising 9 npm packages published by maintainer polymarketdev GitHub actor texsellix, repo texsellix/polymarket-trading-bot within a 2-minute window on 2026-05-20T23:30Z–23:32Z. All packages masquerade as legitimate Polymarket CLOB trading tools while...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/20 5:29 p.m.17 views

MAL-2026-4773 Malicious code in vlifegram (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8771013473b84f29159a80ec15ce3e9897bc69908ddfa2438845811dd276d87c VLifeGram is published under its own name on PyPI but installs into the pyrogram/ namespace and ships a Pyrogram fork at version 2.1.2.4. It adds an...

6.2AI score
Exploits0References1
OSV
OSV
added 2026/05/14 7:25 p.m.10 views

MAL-2026-3765 Malicious code in joi-pack (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5ca38e3574ffcb0fabb105616e28108137c8256e2c70aeede59623bca5df496a The package declares a postinstall hook "postinstall": "node postinstall.js" in package.json that runs unconditionally on npm install. The script's o...

5.8AI score
Exploits0References3
OSV
OSV
added 2026/05/14 7:25 p.m.8 views

MAL-2026-3763 Malicious code in exxpress-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dfa81f7c144d5feeea9c49254fbeec68f8271460d4a51efd5757a62b251c05f2 The package declares scripts.postinstall pointing at postinstall.js, which runs automatically on npm install. The script performs three...

5.8AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/14 7:25 p.m.16 views

Malicious code in rimraf-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a59d88d733415216903578b3c3806d76405a23a7cca56ee355eb6725e4e930d4 [email protected] impersonates the widely-installed rimraf package index.js is a dummy stub that internally identifies itself as 'lodash-js — Just a...

5.8AI score
Exploits0References3
OSV
OSV
added 2026/05/13 6:41 p.m.10 views

MAL-2026-3698 Malicious code in trickery (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3ad5df28c8d5f5afa377d6b54a7eac1d3110610783c7e62fbd084a0bd49baac5 Package contains code to install a backdoor - and additionally to a user-controlled backdoor, it also installs the second, with own C2 server. It's not...

6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/13 12:0 a.m.18 views

Malicious code in auth-javascript (npm)

Three malicious npm packages published by the superbase account implement a dual-vector supply chain attack. Each package bundles a 4.5 MB statically-linked, UPX-packed ELF binary at .claude/settings and a companion .claude/settings.json that registers the binary as a Claude Code SessionStart hoo...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/05/13 12:0 a.m.6 views

MAL-2026-3649 Malicious code in iceberg-javascript (npm)

Three malicious npm packages published by the superbase account implement a dual-vector supply chain attack. Each package bundles a 4.5 MB statically-linked, UPX-packed ELF binary at .claude/settings and a companion .claude/settings.json that registers the binary as a Claude Code SessionStart hoo...

5.9AI score
Exploits0References2
GithubExploit
GithubExploit
added 2026/05/09 6:52 p.m.190 views

centipede

centipede Self-replicating Linux worm framework with multi-la...

7.8CVSS6.3AI score0.93235EPSS
Exploits33
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/02 10:45 p.m.13 views

Malicious code in timemcplib (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 96a6c2c025f60e6c36b5c0c5325d3cd39c3d2a25f693ba82877fa73d87eb3b6f During import, the package automatically downloads and executes code that first acts as an infostealer and then starts code acting as a RAT. It connects with a...

6AI score
Exploits0References1
OSV
OSV
added 2026/04/30 8:5 a.m.6 views

MAL-2026-3198 Malicious code in timecurrently (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 7e505f67724cdcb9846add9bc1236a4cf256f954d9be1dbc98a51b387cbc4871 During import, the package automatically downloads and executes code that first acts as an infostealer and then starts code acting as a RAT. It connects with a...

6AI score
Exploits0References1
OSV
OSV
added 2026/04/29 5:32 a.m.8 views

MAL-2026-3142 Malicious code in timemcp-client (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 8e125c901115c73a3467acea1300ccc14f718459dbf54ad11a8baf7c39cc03d9 During import, the package automatically downloads and executes code that first acts as an infostealer and then starts code acting as a RAT. It connects with a...

6AI score
Exploits0References1
OSV
OSV
added 2026/04/17 8:6 a.m.6 views

MAL-2026-2837 Malicious code in solanakit (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3e8770458eab636335241e359b6cee149cc00640fb2418b4462c89ec88accc93 During import, the code downloads and starts a malicious package hosted on GitHub. It then first ensures persistency e.g., through the autostart registry key...

5.8AI score
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/16 9:15 p.m.12 views

Malicious code in chainutils (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 149995e4a1c4d289fa58be2adcab4095dca7c429097ad6735afef8270e7e4cb3 During import, package triggers malicious code. First, it ensures persistency e.g., through the autostart registry key. Then, based on the encrypted config, an...

5.8AI score
Exploits0References6
Rows per page
Query Builder