134 matches found
VulnCheck KEV: CVE-2025-59374
"UNSUPPORTED WHEN ASSIGNED" Certain versions of the ASUS Live Update client were distributed with unauthorized modifications introduced through a supply chain compromise. The modified builds could cause devices meeting specific targeting conditions to perform unintended actions. Only devices that...
EUVD-2020-24795
Malware in sbrugna...
EUVD-2018-7248
Malware in sbrugna...
EUVD-2021-33421
Malicious code in bioql PyPI...
Malicious code in rxnt-kue (npm)
The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4ec749849185c3ae0212a13b39a44ff783ea47aa560116e7af14df511632585e Any computer that has this package installed or running should be considered fully compromised. All...
Malicious code in lagoon-rose-gpy887-project (npm)
The package lagoon-rose-gpy887-project was found to contain malicious code...
Malicious code in appmarx (npm)
The package appmarx was found to contain malicious code...
MAL-2025-5397 Malicious code in ebay.cookies (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d701de3172111f68c8aba0b6454237339584c4d994c232f906f4a088b0e874a3 Any computer that has this package installed or running should be considered...
MAL-2025-5168 Malicious code in readium-shared-js (npm)
Malicious preinstall script exfiltrates system info hostname, user, pwd, id to a remote server. Likely a malware. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0c907ca12944ad675a60dbfd27a1680a1b2ebf1186512d0106676795741a558a Any computer that has this package...
MAL-2025-4717 Malicious code in pay-internal (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6dab6c4477e3fd12beb2c023319675dd83f706e7347db70a12265b80e8e38c56 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-4516 Malicious code in trip-plugins (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0d2290ac829220daaf6f2242ec116548af3053789350c71da7b541e9d65a523f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-4279 Malicious code in node-smtp-mailer (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 460f9b722eb2c3fba92ba737575ced59fa0f516ba2b07451d0a847daf5c62bfa Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-3856 Malicious code in spl-tokens (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 86e0efcb779c43be336174a24f04614ab82be9f92a235feaf6e344d814bb2789 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Compromised xrpl.js versions 4.2.1, 4.2.2, 4.2.3, 4.2.4, and 2.14.2
Impact Versions 4.2.1, 4.2.2, 4.2.3, and 4.2.4 of xrpl.js were compromised and contained malicious code designed to exfiltrate private keys. If you are using one of these versions, stop immediately and rotate any private keys or secrets used with affected systems. Version 2.14.2 is also malicious...
MAL-2025-3255 Malicious code in helper-member-expression-to-functions (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e46054f993cedcc0d3d1aa68cb5224550c94097ec1d867f3d8dba501da7963f7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-2331 Malicious code in spectrocoin (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 290b36acd27bae687a488826038fdc7f97273030fd80026b3bd796793c70df5f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-1055 Malicious code in achokidar-next (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 04c37042e53e847162e2f5ead2483593efd0e3319ba7f4bd4f890092dea66887 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-1112 Malicious code in dinacomgraph (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f881cba5f3535297d10c3adf3f31d24d372d3e0608e962aed7cc4c83c8c24204 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Google Chrome AI extensions deliver info-stealing malware in broad attack
Small businesses and boutique organizations should use caution when leaning on browser-friendly artificial intelligence AI tools to generate ideas, content, and marketing copy, as a set of Google Chrome extensions were recently compromised to deliver info-stealing malware disguised as legitimate...
MAL-2024-11950 Malicious code in client-admin (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9ec1b71ead6207ef37019d932ed7a23602447e0f32d5160121f97bc25284ebaa Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...