4 matches found
MAL-2026-3867 Malicious code in @antv/data-samples (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in @antv/data-samples (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
@antv/auto-chart (>=2.0.0 <=2.0.5-alpha.0), @antv/chart-advisor (>=2.0.4 <=2.0.5-alpha.0) +1 more potentially affected by unknown CVE via @antv/data-samples (=1.0.1)
@antv/data-samples NPM version =1.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/data-samples and may be impacted: - @antv/auto-chart =2.0.0, =2.0.4, =2.0.4, =2.0.5-alpha.0 Source cves: unknown CVE Source advisory:...
From threats to apology, hackers pull child data offline after public backlash
Last week we yelled at some “hackers” that threatened parents after stealing data from their children's nursery. This followed a BBC report that a group calling itself “Radiant” claimed to have stolen sensitive data related to around 8,000 children from nursery chain Kido, which operates in the U...