5 matches found
MAL-2025-47234 Malicious code in @crowdstrike/foundry-js (npm)
The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b692cc7f6e5464ffd853e3847c9818751b07e7730ef96f968e01aea83827605f Any computer that has this package installed or running should be considered fully compromised. All...
Malicious code in @crowdstrike/foundry-js (npm)
The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b692cc7f6e5464ffd853e3847c9818751b07e7730ef96f968e01aea83827605f Any computer that has this package installed or running should be considered fully compromised. All...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...
@crowdstrike/alloy-react (>=0.0.2 <=0.0.5) potentially affected by unknown CVE via @crowdstrike/foundry-js (=0.17.1)
@crowdstrike/foundry-js NPM version =0.17.1 is affected by a known vulnerability. The following packages have a transitive dependency on @crowdstrike/foundry-js and may be impacted: - @crowdstrike/alloy-react =0.0.2, =0.0.5 Source cves: unknown CVE Source advisory:...
Malicious code in crowdstrike-foundry (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 89a436ce955b3eb01df1e23a27f7b9d0091b3720818f31559038c7af44bca276 The package looks like a beginning for a further work. In fact, the uploader has shortly published a few similar packages appearing to be e.g. an integration f...