
15 matches found

OSV
added 2026/04/15 11:43 p.m., 2 views

MAL-2026-2909 Malicious code in tailwind-typography-cssstyle (npm)

tailwind-typography-cssstyle is a malicious npm package that when imported downloads a C2 dropper part of PolinRider campaign from crypto transactions and executes it. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...

5.8 AI score
Exploits: 0 | References: 2

OSSF Malicious Packages
added 2026/04/15 11:43 p.m., 4 views

Malicious code in tailwind-typography-cssstyle (npm)

tailwind-typography-cssstyle is a malicious npm package that when imported downloads a C2 dropper part of PolinRider campaign from crypto transactions and executes it. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...

5.8 AI score
Exploits: 0 | References: 2

OSSF Malicious Packages
added 2026/04/15 11:43 p.m., 3 views

Malicious code in tailwindthml-flips (npm)

tailwindthml-flips is a malicious npm package that when imported downloads a C2 dropper part of PolinRider campaign from crypto transactions and executes it. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...

5.7 AI score
Exploits: 0 | References: 2

Veracode
added 2025/10/29 5:33 a.m., 3 views

Account Takeover

color is vulnerable to Account Takeover. The vulnerability is due to a phishing-based takeover of the npm publishing account, which allowed an attacker to inject malware that attempted to redirect cryptocurrency transactions in browser environments...

8.8 CVSS | 6.9 AI score | 0.00138 EPSS
Exploits: 0 | References: 7 | Affected Software: 1

Snyk
added 2025/09/15 7:43 p.m., 1 view

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package version contains malicious code that monitors network traffic when run in a browser and targets crypto transactions. The injected malicious code activates a hook whenever a Web3 wallet is present...

9.8 CVSS | 6.8 AI score | 0.00138 EPSS
Exploits: 0 | References: 2

Snyk
added 2025/09/15 7:43 p.m., 1 view

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package version contains malicious code that monitors network traffic when run in a browser and targets crypto transactions. The injected malicious code activates a hook whenever a Web3 wallet is present...

9.8 CVSS | 6.8 AI score | 0.00138 EPSS
Exploits: 0 | References: 2

Snyk
added 2025/09/15 7:43 p.m., 2 views

Embedded Malicious Code

Overview debug is a small debugging utility. Affected versions of this package are vulnerable to Embedded Malicious Code. This package version contains malicious code that monitors network traffic when run in a browser and targets crypto transactions. The injected malicious code activates a hook...

9.8 CVSS | 6.8 AI score | 0.00138 EPSS
Exploits: 0 | References: 2

OSV
added 2025/09/11 2:22 p.m., 1 view

GHSA-JWQ7-6J4R-2F92 Prebid.js NPM package briefly compromised

Impact NPM users of prebid 10.9.2. The malicious code attempts to redirect crypto transactions on the site to the attackers' wallet. Patches 10.10.0 is solved References https://www.sonatype.com/blog/npm-chalk-and-debug-packages-hit-in-software-supply-chain-attack...

8.6 CVSS | 7 AI score | 0.00104 EPSS
Exploits: 0 | References: 6

NVD
added 2025/09/09 11:15 p.m., 2 views

CVE-2025-59038

Prebid.js is a free and open source library for publishers to quickly implement header bidding. NPM users of prebid 10.9.2 may have been briefly compromised by a malware campaign. The malicious code attempts to redirect crypto transactions on the site to the attackers' wallet. Version 10.10.0 fix...

8.6 CVSS | 0.00104 EPSS
Exploits: 0 | References: 2

CVE
added 2025/09/09 10:17 p.m., 10 views

CVE-2025-59038

Prebid.js (npm package) CVE-2025-59038 concerns the 10.9.2 release being briefly compromised by malware that redirected cryptocurrency transactions to the attacker’s wallet. The issue is addressed in version 10.10.0; a workaround is downgrading to 10.9.1. This CVE is tied to the Prebid.js npm pac...

8.6 CVSS | 6.6 AI score | 0.00104 EPSS
Exploits: 0 | References: 2

Snyk
added 2025/09/09 8:45 p.m., 1 view

Embedded Malicious Code

Overview @duckdb/duckdb-wasm is an in-process analytical SQL database for the browser. It is powered by WebAssembly, speaks Arrow fluently, reads Parquet, CSV and JSON files backed by Filesystem APIs or HTTP requests and has been tested with Chrome, Firefox, Safari and Node.js. Affected versions ...

9.8 CVSS | 7.3 AI score | 0.00086 EPSS
Exploits: 0 | References: 2

OSSF Malicious Packages
added 2025/09/09 10:30 a.m., 3 views

Malicious code in duckdb (npm)

The DuckDB Node.js package duckdb version 1.3.3 was compromised with malware through a sophisticated phishing attack targeting the DuckDB maintainers. An attacker created a pixel-perfect copy of the npmjs.com website at npmjs.help domain and tricked a maintainer into logging in and resetting 2FA...

7.2 AI score
Exploits: 0 | References: 1

Snyk
added 2025/09/08 2:26 p.m., 2 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package version contains malicious code that monitors network traffic when run in a browser and targets crypto transactions. The injected malicious code activates a hook whenever a Web3 wallet is present...

9.8 CVSS | 7.1 AI score
Exploits: 0 | References: 2

The Hacker News
added 2025/08/15 11:27 a.m., 5 views

U.S. Sanctions Garantex and Grinex Over $100M in Ransomware-Linked Illicit Crypto Transactions

The U.S. Department of the Treasury's Office of Foreign Assets Control OFAC on Thursday renewed sanctions against Russian cryptocurrency exchange platform Garantex for facilitating ransomware actors and other cybercriminals by processing more than $100 million in transactions linked to illicit...

6.9 AI score
Exploits: 0

The Hacker News
added 2018/06/12 9:59 a.m., 51 views

Apple Bans Cryptocurrency Mining Apps From Its App Stores

Due to the surge in cryptocurrency prices, not only hackers but also legitimate websites and mobile apps are increasingly using cryptocurrency miners to monetize by levying the CPU power of your PC and phones to mine cryptocurrencies. However, Apple wants to protect your Mac and iPhone battery fr...

0.7 AI score
Exploits: 0