MAL-2025-5735 Malicious code in vite-plugin-enhance (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c8e3c636dfa64944d7dbd44dcd69bf2d040855dec38d508810590f76a1deb54e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-5686 Malicious code in elbol (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0b99a8bf6adb423e7d8328ec1e179ba48ee34d663ab80a55b1c27d156605413f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in mark-testing (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d23383a480fcca63e03f17e636f2b8b0ac1605237d730c7ccf159e9ea082f39d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-5706 Malicious code in mark-testing (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d23383a480fcca63e03f17e636f2b8b0ac1605237d730c7ccf159e9ea082f39d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in cdk8s-kbld (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e6be6c2728fc61eee980d78a40e52500b12a5d5c28f128b1fc21a7d18730c806 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-5704 Malicious code in kkyun-display-flag (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fbf5dcd7042eb6d07404348b3566e81d0430bccbe3590ddf39941414f69e4216 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-5667 Malicious code in appf-react-router-dom (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bee107551e93c84b7b5e64794220ddf4898466e42cd01d1bdde8b41bb0cabd83 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in foundation.util.triggers.js (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 83bf60b2f5ebff2152502dd84c2d1275fe67e6eb08d9ce2937e0bc3de9f113a9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-5691 Malicious code in foundation.util.triggers.js (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 83bf60b2f5ebff2152502dd84c2d1275fe67e6eb08d9ce2937e0bc3de9f113a9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in solsafe (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8c0e330c03bcbf5c40a3477fd4fa0029e71ee952bcbdc57bbaf89d39cbec85ac Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-5718 Malicious code in prepare-config (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ce87db23628075e87a946b6117721f8fd2f272b5d93e3447e78b58a4a09df2af Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in internallib_v555 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c6785cc325eb6cfd4e41289a80a9fe1a639f54fe80387ce895053b1b983ce1aa Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-5676 Malicious code in chii-aungpao-new (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e7612d6bbbfb9dc1ad7c5edf5f536d13eaa4e20da2e1a895caeacfb8b0e75140 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-5736 Malicious code in vite-tsauditlog (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 830e528439887027d65ed0697132b3f91dc2b11e553dc12671446d5f6eea1b2f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in restpilot (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ea95902e229e600fed776ab58f9216738dd1db24c03890b9902da283f3413623 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-5702 Malicious code in io.ox (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f943d7e85ce7b15cc0e8fa0f234c36503767f627e103ac8062d96f57504efbe4 Any computer that has this package installed or running should be considered...

MAL-2025-5700 Malicious code in htmlbars-inline-precompile (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8c4a212f0a71820f5e5ac4def1449d454a87b95082eae0de676cc3e27006831a Any computer that has this package installed or running should be considered...

MAL-2025-5649 Malicious code in @subdashboard/shared (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b9e3ee4d3e2596c958c832ed9062f00d7b03289fa32f9f3a5aacaf2a4974f47e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Hiding Prompt Injections in Academic Papers

Academic papers were found to contain hidden instructions to LLMs: It discovered such prompts in 17 articles, whose lead authors are affiliated with 14 institutions including Japan's Waseda University, South Korea's KAIST, China's Peking University and the National University of Singapore, as wel...

BackFed: an Efficient and Standardized Benchmark Suite for Backdoor Attacks in Federated Learning

Federated Learning FL systems are vulnerable to backdoor attacks, where adversaries train their local models on poisoned data and submit poisoned model updates to compromise the global model. Despite numerous proposed attacks and defenses, divergent experimental settings, implementation errors, a...