5 matches found
Malicious code in @emcd-vue/auth (npm)
Part of a coordinated multi-package supply-chain attack impersonating EMCD emcd.io, a legitimate Russian cryptocurrency exchange and mining pool. The attacker registered the @emcd-vue npm scope to pose as an internal Vue.js front-end tooling package from "EMCD Platform Engineering." The package...
MAL-2026-1937 Malicious code in @dotprompt/promptly-darwin-arm64 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 120d702f1e340ffdca19411824d16c6b6f381c53e0cb3e123982aaba2d013458 The package @dotprompt/promptly-darwin-arm64 was found to contain malicious code. Source: ghsa-malware...
Malicious code in athira-darwin-arm64 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9f5187d16196b84804557d150debc4215dc39e15856b77fb994551bf7457299c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in skinnyvans-darwin-arm64 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c7c46b0e2fd5826ee3bdd4b6d38a695126f358eaa2be3ea79a33dea0667db347 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-4503 Malicious code in skinnyvans-darwin-arm64 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c7c46b0e2fd5826ee3bdd4b6d38a695126f358eaa2be3ea79a33dea0667db347 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...