MAL-2026-5261 Malicious code in mountly-tailwind (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a6c7977dbc054cdb7fe56da0d2fbd26e2a6fed695deb4263ccbf4adfedd86acb The Miasma malware is a self-propagating worm that spreads across the npm registry by abusing weaponized binding.gyp files to achieve...

CVE-2026-20206

A vulnerability in the BrowserBot component of Cisco ThousandEyes Enterprise Agent could have allowed an authenticated, remote attacker to execute arbitrary commands on Agents on behalf of the BrowserBot synthetics orchestration process. Cisco has addressed this vulnerability in the Cisco...

Malicious code in @antv/g-components (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

EUVD-2025-31636

Malicious code in bioql PyPI...

Malicious code in time-server-analysis (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 5f796bcefeb9b8d3af4bde36c54545d77afdcd6b63284ae58b0a6078b0bbb561 This campaign is built from two parts: 1 packages named like time-check-server, snapshot-photo contain an innocent-looking code that sends "date" to a remote...

MAL-2023-8369 Malicious code in telethon2 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 2f513e1bd0172cda035284efad9368870bc46158926c112ccd7fc881e6af75be Malicious Typosquatting packages campaign targeting developers, steals cloud service credentials Source: google-open-source-security...

MAL-2023-8358 Malicious code in aws-consoler2 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx b37bd86b6f9bda9d03029c9d2fa09561b2b43cda7c3fddda1389c8e193c4a938 Malicious Typosquatting packages campaign targeting developers, steals cloud service credentials Source: google-open-source-security...

MAL-2023-8360 Malicious code in enumerate-iam (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx bfefcae6c29da10e63d630fc7e012995d730cc5c0af3a8144dc517f26382a3bd Malicious Typosquatting packages campaign targeting developers, steals cloud service credentials Source: google-open-source-security...

MAL-2023-8351 Malicious code in aliababcloud-tea-openapi (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 644686188e6f43d2dc595074d7644cba060e6a91b8de18713f4b551a76a6c3b7 Malicious Typosquatting packages campaign targeting developers, steals cloud service credentials Source: google-open-source-security...

MAL-2023-8354 Malicious code in alibabacloud-vpc20180317 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 0c24b33d1db8fffd5daaf1985d25add4bc66e7879e1a6efbc7ae706816931834 Malicious Typosquatting packages campaign targeting developers, steals cloud service credentials Source: google-open-source-security...

MAL-2023-8367 Malicious code in python-aliyun-sdk-rds (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 56906386c88b620607253fc1d00a6d5d205c6a535a2ba12fc63108f09761300b Malicious Typosquatting packages campaign targeting developers, steals cloud service credentials Source: google-open-source-security...

MAL-2023-8356 Malicious code in aliyun-oss2 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 8c33f6b28da216b43120a3b8a8537d0263dc1eb2b22979a4183b371ff57b9e0b Malicious Typosquatting packages campaign targeting developers, steals cloud service credentials Source: google-open-source-security...

MAL-2023-8366 Malicious code in python-aliyun-sdk-kms (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 53bdcdc5414f25435cd821a9217982c4b486c91100caa324a9c3613d4ccd8d42 Malicious Typosquatting packages campaign targeting developers, steals cloud service credentials Source: google-open-source-security...

MAL-2023-8368 Malicious code in python-cos-sdk-v5 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 9d23946b30370561c42df798c468626c8ec508cdf6f0fc22cc34bb67f2fa187e Malicious Typosquatting packages campaign targeting developers, steals cloud service credentials Source: google-open-source-security...

MAL-2023-8364 Malicious code in python-aliyun-sdk-core (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 63f6387d6bfe7ae582be4478cf6a42a8104b44ea50b22489f5217ba2bfb3ce39 Malicious Typosquatting packages campaign targeting developers, steals cloud service credentials Source: google-open-source-security...

MAL-2023-8357 Malicious code in arangodba (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 8a8f8299dc6c21b2441da8a56c195b046c05f65c0ab9b78f08aff27eb1611ac7 Malicious Typosquatting packages campaign targeting developers, steals cloud service credentials Source: google-open-source-security...