EUVD-2025-29241

Malicious code in bioql PyPI...

GHSA-4X49-VF9V-38PX [email protected] contains malware after npm account takeover

Impact On 8 September 2025, the npm publishing account for debug was taken over after a phishing attack. Version 4.4.2 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker's own...

CVE-2025-59145 [email protected] contains malware after npm account takeover

color-name is a JSON with CSS color names. On 8 September 2025, an npm publishing account for color-name was taken over after a phishing attack. Version 2.0.1 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrenc...

CVE-2025-59143

color is a Javascript color conversion and manipulation library. On 8 September 2025, the npm publishing account for color was taken over after a phishing attack. Version 5.0.1 was published, functionally identical to the previous patch version, but with a malware payload added attempting to...

SparkKitty, SparkCat’s little brother: A new Trojan spy found in the App Store and Google Play

Update 25.06.2025: Apple removed the malicious app from the App Store. In January 2025, we uncovered the SparkCat spyware campaign, which was aimed at gaining access to victims' crypto wallets. The threat actor distributed apps containing a malicious SDK/framework. This component would wait for a...