Malicious code in javascript-yaml (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security d83c3b506a10b770a8c1f98d280262478cccc65708bb1066a72e0708dccaaf75 This malicious package is part the IronWorm campaign. This campaign executes a malicious binary payload during installation via a preinsta...

Malicious code in hbsig (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 146faaf0d97c6a533a969bc3f3f117811f9317dc865ed4ab37f1679842ddeaae This package was compromised as part of the IronWorm campaign. This campaign executes a malicious binary payload during installation via a...

Malicious code in weavedb-contracts (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 146faaf0d97c6a533a969bc3f3f117811f9317dc865ed4ab37f1679842ddeaae This package was compromised as part of the IronWorm campaign. This campaign executes a malicious binary payload during installation via a...

MAL-2026-5184 Malicious code in sf-silly-goose-requests (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d1b2d16ce881d1e9b356ed424f8144ce9324d09010efa8761ad13ac8a46e7b60 Package uses trufflehog to detect secrets and exfiltrates them to a hardcoded location --- Category: MALICIOUS - The campaign has clearly malicious intent, lik...

FlutterShell Backdoor Spreads to macOS via Malicious Google and YouTube Ads

Cybersecurity researchers have shed light on a macOS malvertising campaign codenamed Operation FlutterBridge that spreads a new backdoor called FlutterShell. According to Palo Alto Networks Unit 42, the campaign is said to be the next stage of a previously reported activity cluster dubbed...

Google DoubleClick Abused in New Malspam Campaign to Deliver DesckVB RAT

Cybersecurity researchers have flagged a new malspam campaign that makes use of Google's DoubleClick domain as a way to evade detection and ultimately deliver a remote access trojan RAT named DesckVB RAT. "Before the victim ever reaches attacker-controlled infrastructure, the lure routes through...

MAL-2026-5181 Malicious code in tronlabpy3 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 71fd394fee5be8e6fe09e8fff0c645dfc2bd164506a85c077d76642c9ec86ba6 Package appears to be designed for private key exfiltration, but no known usage. The name appears to be related to the cryptocurrency TRX Tron / Tronix. Some...

MAL-2026-5178 Malicious code in tronlab (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 44a6e385a64a2319d00a77e4eb063dd97f8a54dff9df20653fec1f3c3d40ecb9 Package appears to be designed for private key exfiltration, but no known usage. The name appears to be related to the cryptocurrency TRX Tron / Tronix. Some...

Malicious code in internal-tracker (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e2d5962963c8d8a956fcb154caa77b63b09419f4f58ddb23e2afbb0cb98c6c79 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

RUSTSEC-2026-0171 `logflux` was removed from crates.io for malicious code

The logflux crate attempted to download and run a malicious payload on the user's machine. The malicious crate had 1 version published on 2026-04-26, approximately 1 month before removal, and had no evidence of actual usage. This crate had no dependencies on crates.io. Thanks to Paweł Bis for...

`logflux` was removed from crates.io for malicious code

The logflux crate attempted to download and run a malicious payload on the user's machine. The malicious crate had 1 version published on 2026-04-26, approximately 1 month before removal, and had no evidence of actual usage. This crate had no dependencies on crates.io. Thanks to Paweł Bis for...

MAL-2026-5173 Malicious code in spadata (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 861acdca6a344c5a3eae65cb3655f211343f79870978f8bfc62654855efa89f3 The package exfiltrates Roblox cookies from the victim machine. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaig...

Argamal: Malware hidden in hentai games

In April 2026, we discovered a new malware campaign targeting players of "hentai" games. Once launched, the infected games install a previously unknown malicious implant on the user's machine. After a few days, the implant downloads and executes a Trojan, resulting in full system compromise and...

Weedhack Attacks Minecraft Users, CountLoader Hits 86K, Miners Spread via Pirated Content

Cybersecurity researchers have flagged a new campaign targeting Minecraft players via YouTube to spread malware capable of gaining control of victims' systems. The Minecraft-focused malware-as-a-service MaaS campaign has been codenamed Weedhack by McAfee Labs, stating the activity has been active...

Malicious code in spaysdata (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 55bfbc1a93fe9a662ed20b5fb651390a850c8f43e4d68d81677b4ffd0ca17bcf The package exfiltrates Roblox cookies from the victim machine. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaig...

Malicious code in spaysrbdata (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2d461e4f26b3a0fb04120613c34e74745f6d63ce83abe98c40e470c527921501 The package exfiltrates Roblox cookies from the victim machine. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaig...

MAL-2026-5170 Malicious code in spaysrbdata (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2d461e4f26b3a0fb04120613c34e74745f6d63ce83abe98c40e470c527921501 The package exfiltrates Roblox cookies from the victim machine. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaig...

CVE-2026-10234

A vulnerability was detected in Mettle sendportal up to 3.0.1. This affects an unknown part of the file /webview/ of the component Campaign Handler. The manipulation of the argument content results in cross site scripting. The attack can be launched remotely. The exploit is now public and may be...

MAL-2026-5160 Malicious code in bt-signal-utils (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d56152c37c3a078b771d2578dd86495783b51b886c96aa7ebb66a7ec36d72a24 During import, package exfiltrates environment variables and cloud tokens to a hardcoded location. --- Category: MALICIOUS - The campaign has clearly malicious...

Malicious Package

Overview abuden214 is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate advertisin...