MAL-2026-4841 Malicious code in @hcs-hybrid/uirouter-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 27a0d7e172f9959faebfaed919369b4cd7a6321d9ae58986de045174908d431c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-4845 Malicious code in @polka-ui/recoc (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ebdab3116c10799ff2e38e53ee85ffe7d2fb61961d8e3924319030b12d2a516c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the failure of scsi sd during the deviceadd process, resulting in the failure to call putdisk. Th...

CVE-2026-45857

scsi: csiostor: Fix dereference of null pointer rn...

CVE-2026-41104

Deserialization of untrusted data in Microsoft Planetary Computer Pro allows an unauthorized attacker to disclose information over a network...

Malicious code in int-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 369f6932b06597ffc51269a3c2634d158a10270a5c79eb9e4842818e8570c544 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in web3-prices (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ee650bfe594eb17193a4760fd6fc279eb10670ae045500913ea673951427b47e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in web3.prc (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6db6feb92bb662bbf24ea3769595c836f3443f8fb33833b094134f294704af70 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-4802 Malicious code in xlsx-enhanced (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5196a5b8e1db8092bb735b33db7212278bd080b11315dab3eae15251655c22a2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CERT-In Recommends 12-Hour Patching for Internet-Facing Flaws Amid AI-Assisted Attacks

The Indian Computer Emergency Response Team CERT-In has issued new guidelines requiring organizations to patch critical security vulnerabilities in internet-exposed systems within 12 hours of being flagged where "feasible" to safeguard against potential threats stemming from threat actors' abuse ...

Malicious code in ts-config-mapper (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 991f5b6f0d00ce1e267299db5a6e4d74717173d1548efb94d68345cb6c8f6dc6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-4305 Malicious code in auth0-net-sdk-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9cf6a5c13db1c0846ba64abd842d9980dddd9c0d66d3497d549779ccaea114b1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in auth0-net-sdk-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9cf6a5c13db1c0846ba64abd842d9980dddd9c0d66d3497d549779ccaea114b1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-4310 Malicious code in explorhub-ai-agent (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6608fa84304d8e7344518aab88e30f2b2a95aff43b2adbb664126857a14c5b45 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in mobile-international (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 543efd73c4d2860379f7e412db8f3ddb33401c3788a2a18f5ec0648e33b51a33 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-4343 Malicious code in wnba-parent (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 61f696f0e2dd839f3a95ac5bfd9e38dd4b3910253ae2d56e79fe088a08519db1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-4340 Malicious code in wm-plugin-open-teach-me-after-deployable-played (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 655533b31e25a157ee83f60bf9745992f585b321861539de7e40a9a7549dd38d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in flow-parser-oxidized (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 656e2f1d3b8c65b9726bb52918453404799c461b0db5ae89061e6b740aa4862d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in token-usage-tracker (npm)

Ten packages published by npm user asdxzxc at version 1.0.10 target developers working on AI and LLM tooling. Each package masquerades as a developer utility while executing a two-stage payload triggered via postinstall: package.json → lib/setup.js → lib/worker.js. Credential harvesting:...

MAL-2026-4282 Malicious code in prompt-engineering-toolkit (npm)

Ten packages published by npm user asdxzxc at version 1.0.10 target developers working on AI and LLM tooling. Each package masquerades as a developer utility while executing a two-stage payload triggered via postinstall: package.json → lib/setup.js → lib/worker.js. Credential harvesting:...