Lucene search
K

25 matches found

OSV
OSV
added 5 days ago3 views

MAL-2026-6782 Malicious code in @marketfront/header (npm)

The @marketfront/header package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0 and use...

6.3AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago5 views

Malicious code in @marketfront/gotoauthpopup (npm)

The @marketfront/gotoauthpopup package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0 and use...

6AI score
Exploits0References2
OSV
OSV
added 5 days ago3 views

MAL-2026-6787 Malicious code in @marketfront/navbar (npm)

The @marketfront/navbar package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0 and use...

6.2AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/27 7:12 p.m.9 views

Malicious code in ts-ankle (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1695e2ffa9252abe1053fc13895a071bd87cb27eb009eeb2262aae1a27da4ea5 On npm install, [email protected] runs a postinstall hook node test.js that executes two hostile flows against the installer's machine without user...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/26 2:16 p.m.5 views

Malicious code in ts-einkle (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fa992a8f9afcf95d3c0e35b6abc290ff565b450663f6d43511467cd370eefce8 [email protected] ships a comprehensive installer-side stealer in its main module peer-math.js. On require, syncSession runs a chain packProjectBundle,...

5.8AI score
Exploits0References5
OSV
OSV
added 2026/06/26 2:16 p.m.7 views

MAL-2026-6524 Malicious code in ts-einkle (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fa992a8f9afcf95d3c0e35b6abc290ff565b450663f6d43511467cd370eefce8 [email protected] ships a comprehensive installer-side stealer in its main module peer-math.js. On require, syncSession runs a chain packProjectBundle,...

5.8AI score
Exploits0References5
OSV
OSV
added 2026/06/25 8:40 p.m.9 views

MAL-2026-6474 Malicious code in ref-slot (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1e1ef3e785cf6cb007c0b33be2ed43ebe49d64f476bb4fb3a66b914b06def5e1 On npm install, the package's postinstall hook runs node test.js which invokes index.js to perform multi-stage installer compromise. 1 Credential...

5.8AI score
Exploits0References2
OSV
OSV
added 2026/06/23 2:46 p.m.9 views

MAL-2026-6303 Malicious code in react-simple-utils-kit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 038aa6bccd8008fec1f309d718e53dd4b89e4ca15a976c6a80652e0dd58a5b58 Package advertises itself as 'a simple date formatting utility for React projects' 3-function index.js, but ships a postinstall.js that runs on every...

5.9AI score
Exploits0References17
OSV
OSV
added 2026/06/15 3:9 p.m.9 views

MAL-2026-5783 Malicious code in vault-strategies (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6b7037d9efc65a0885cc000a92c46ea9bed2097d02c8fb2883ceaa3eb2fd5eeb On npm install, the package's preinstall hook preinstall: node postinstall.js || true executes postinstall.js, which enumerates process.env and filte...

5.3AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 12:53 p.m.12 views

Malicious code in goreleaser-run (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f2733e0c086915d44eb8c971575087d9260bf1133d62da63920b578cf7e60c30 Package impersonates the legitimate goreleaser tool name goreleaser-run, homepage spoofed to https://goreleaser.org; goreleaser is not officially...

5.5AI score
Exploits0References2
OSV
OSV
added 2026/06/11 7:18 a.m.9 views

MAL-2026-5606 Malicious code in chai-dec (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5fbe1098e3267cf9e98fe2591e27b58f87fb44ca8c5475a5fde64fed8c2dd1c3 chai-dec impersonates the chai/pino ecosystem package name rides on chai; package.json keywords and exports — module.exports.pino = middleware —...

6.7AI score
Exploits0References2
OSV
OSV
added 2026/05/26 1:0 a.m.9 views

MAL-2026-4476 Malicious code in ai3 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 83540d952123c5d1199bbec1a72d0c4c49c428f309b9d68df45e307b852000a7 package.json declares "preinstall": "./.github/scripts/precheck", which points at a 976,568-byte precompiled Linux ELF x86-64 binary shipped inside t...

6AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/14 7:24 p.m.9 views

Malicious code in nock-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d1070514eba7a5f0fedc2760db7710399d38e070d98dc99910d3b49923959820 The package declares scripts.postinstall: node postinstall.js, which runs automatically on npm install. The script is an explicit credential harveste...

5.8AI score
Exploits0References5
Snyk
Snyk
added 2026/05/14 2:22 p.m.10 views

Malicious Package

Overview knot-rack-session-store is a malicious package. This package is part of a malicious cluster of Ruby gems published by the threat actor knot-theory. Designed to impersonate legitimate utilities, it executes a payload upon installation that harvests environment variables, SSH keys, AWS...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/11 9:0 p.m.11 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...

9.8CVSS6AI score0.02342EPSS
Exploits3References2
Snyk
Snyk
added 2026/05/11 9:0 p.m.15 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...

9.8CVSS6AI score0.02342EPSS
Exploits3References2
Github Security Blog
Github Security Blog
added 2026/05/07 4:48 p.m.21 views

Compromised tag of intercom-php published via GitHub

Impact On April 30, 2026, a malicious commit was pushed to the intercom/intercom-php repository and tagged as version 5.0.2, using a compromised service account github-management-service. This occurred as part of the same supply chain attack that affected intercom-client on npm. The malicious...

5.8AI score
Exploits0References4Affected Software1
GithubExploit
GithubExploit
added 2026/04/12 4:30 p.m.216 views

Exploit for CVE-2020-24586

Fracture FragAttacks WiFi Penetration Framework CVE-202...

3.5CVSS7.1AI score0.05765EPSS
Exploits4
The Hacker News
The Hacker News
added 2026/04/06 11:45 a.m.6 views

How LiteLLM Turned Developer Machines Into Credential Vaults for Attackers

The most active piece of enterprise infrastructure in the company is the developer workstation. That laptop is where credentials are created, tested, cached, copied, and reused across services, bots, build tools, and now local AI agents. In March 2026, the TeamPCP threat actor proved just how...

6.3AI score
Exploits0
OSV
OSV
added 2026/03/26 12:33 a.m.4 views

MAL-2026-2212 Malicious code in @opengov/qa-record-types-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0be39ed161d642824f2ce1f8511e03759918909ba0218265174294129a172d01 The package @opengov/qa-record-types-api was found to contain malicious code. Source: google-open-source-security...

5.9AI score
Exploits0References3
Rows per page
Query Builder