342 matches found
Malicious code in @antv/g-webgpu-compiler (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
MAL-2026-3915 Malicious code in @antv/g-css-layout-api (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in @antv/g2plot-schemas (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in ml-toolkit-ts (npm)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 5e1924464368f0c5816ee84e000cc47017f44045140feafbbc9e685d847ed5a5 This package was compromised as part of the "Mini Shai-Hulud is back" worm by the TeamPCP threat actor. The package will steal credentials...
Malicious code in @uipath/traces-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4875a66ac70789891a0be8418fb640e648e30654ea5f5d3a8f5f7b9760f70e93 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3576 Malicious code in @uipath/solutionpackager-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 64274b915ff6e2c5965c334cc5b2a7dca56efe8c3021c83e45d0269a9391345f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3571 Malicious code in @uipath/robot (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bea1fa21506bd8c16e7bfe9374906720288e6a4cae68b5e28299322cadebf60b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @uipath/project-packager (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fdd50cfa0aae7619d6766f47b468fca17a04673407486d5c747f860c0c2e22b7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @uipath/packager-tool-flow (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 14153c2050bb9ca128e3cc52251f2321826f0e288b065f37d74b5479a29cf70d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @uipath/packager-tool-case (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9ada59d259c9e6d817c3f2381a537459e5920f1869250c0aa9798c64089fbb8a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @uipath/packager-tool-apiworkflow (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2532ba4b933b817782f96af980a35816630ae13b035f9c2e4c977517be3e961d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3590 Malicious code in safe-action (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dd0e257c2958e16d803f002f996ebb83aae4ecc32bf71320bf985b936996e634 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @uipath/functions-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 91d291bc0b76606fe49b04635cbf60f335fc04ae35054cb6b9125f0a33ca9b32 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @uipath/docsai-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2df6b51f1b5589ef118d9b34d60200e0355bd43fe0ee8cd461f222b6a7f0bcbc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @uipath/codedagents-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7321b8eb18854f6e785ee2862e6f977f0e45ab2cfda39b5c05a3ca23a704a15c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
NPM: Compromised version of intercom-client published to npm
NPM: Compromised version of intercom-client published to npm vulnerability discovered by ? in WordPress Npm intercom-client versions 7.0.4...
PT-2026-38407
Name of the Vulnerable Software and Affected Versions PyTorch Lightning versions 2.6.2 through 2.6.3 Description PyTorch Lightning, a deep learning framework used to pretrain and finetune AI models, contains compromised versions that include malicious code. This code introduces functionality...
MAL-2026-2507 Malicious code in @fairwords/loopback-connector-es (npm)
The @fairwords/loopback-connector-es package was compromised as part of the TeamPCP/CanisterWorm campaign. A postinstall hook executes node scripts/check-env.js || true which performs multi-stage credential harvesting, encrypted exfiltration, and self-propagation. The payload harvests 40+...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a cross-platform remote access trojan by injecting a hidden dependency named plain-crypto-js. RAT Behavior The injected plain-crypto-js dependency automatically executes an obfuscated postinstall...
Malicious code in @emilgroup/setting-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 679e8996c56ffd334a5fd610afb087430e91e54ef7371e70ba8ce6170b3b9cf9 The package @emilgroup/setting-sdk was found to contain malicious code. Source: google-open-source-security...