Malicious code in comp-base-photoupload (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5adac5ba125addda078885f62e39385b133893d4eb256e54e6761899c681a6d3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in flowmark (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d4048b3f53349dffd22ba0305a35887afcb85a34660e7c2165ce6a98c2574761 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

When legitimate tools go rogue

Late one Tuesday night, Elena's phone buzzed with an alert from her company's SIEM. Her team had set up a rule to flag when certain system tools -- whoami, nltest and nslookup--were run one after another in quick succession. That exact pattern had just triggered on a computer in the Finance...

MAL-2025-5150 Malicious code in app-prd (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cb4dfa072fe28f45493885c483db8e17cfb04c8c56db854534cfb053b52ebfc6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in plugin-react (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3e88cbf7f87087cbc6dda9545bd987ae79997a0d8812613ac393f517941eb83e Any computer that has this package installed or running should be considered...

MAL-2025-5184 Malicious code in microviewreact (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bb4aa3ed998e2cc248404754caf11f331bf993d7eb37d5eabdfeb08402bb69f8 Any computer that has this package installed or running should be considered...

MAL-2025-5013 Malicious code in obfuscated (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d559efbc8df5a64ca2676526a199174c0a877291c1cd08cfb8db6a7536aad530 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-5011 Malicious code in example-malicious (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 35d3703ef56e66529b1b9ba0ccc6cf4e863591347a634a085a46636f082d79c7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-5012 Malicious code in metaplex (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 56094c5aa47c7f90dabdf4a647d1fb79534f42102ce0ea011b8fb4bc0aa398a5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-5008 Malicious code in @openapi-platform/git-util (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 96bf6ba53f72a3f15a38886bfb459f601a5de59cf964ebc169b368015d75e967 Any computer that has this package installed or running should be considered...

MAL-2025-5006 Malicious code in vscode-websearchforcopilot (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 247d22ce4a478ffa11b9b10a31460cd13afeba961c80bf8f08a8557aef325569 Any computer that has this package installed or running should be considered...

MAL-2025-5000 Malicious code in cascading-picklists-extenstion (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7fa598a6ca358e662bbce1a99296fb4e87cfeb954903eed14989fd61bc8bf0db Any computer that has this package installed or running should be considered...

Malicious code in @evg-ui/lib (npm)

Malicious package. Executes hidden script during install to exfiltrate local IP, hostname, and homedir to an OAST server. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ee183b500af41035df15810e8e96ba76cf5a758c7d6d647678a1c3930ded627e Any computer that has this...

MAL-2025-4977 Malicious code in neuroglancer-rspack-project-source (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dd14a9249e5b9f2e191e4d5577ce6e20a78b7a315f3b1d026f8e4af67f8afd8c Any computer that has this package installed or running should be considered...

MAL-2025-4966 Malicious code in zxdb (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4b6e6fbdc6289a7a4946e72303aaeb98c9b837470df312ade4e634a7fa81fa52 Any computer that has this package installed or running should be considered...

MAL-2025-5071 Malicious code in zora-metrics (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 89561cb32e5173056b6ef51d8c685cac2ab304eca6024d37f963d31688e93820 Any computer that has this package installed or running should be considered...

MAL-2025-4962 Malicious code in zora1abs-protoc01-sdk (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5e1f6f2a0db6c265885a73e2231e1e0b8b7498988fcbeb1acb543de2ff113770 Any computer that has this package installed or running should be considered...

MAL-2025-4982 Malicious code in comp-base-login (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 86dd56ba61a953e19112e8fd19d04c755f48e262186426a358a7251dc398406f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-4958 Malicious code in snapshot-server (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b418521074d89cfa7dafcbd2a57c8ea782c643409c895f9ac30d372688473947 Any computer that has this package installed or running should be considered...

MAL-2025-4956 Malicious code in owncloud-activity (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f185a6ebb16f2c76704506661c022be55d4d5fa2c82397aa60f5ef74cd38f879 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...