24 matches found
Malicious code in webmd-debug (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a5693e1af021faa1bcf410e9bdf757b9deebbae4505daa969275ef365e719227 The package webmd-debug was found to contain malicious code. Source: ghsa-malware b74e0fa5da459a8e2a346f0ad74dcf61ebdf972a7840b7f61292e46ea5aa58db An...
CVE-2025-4106 WatchGuard Firebox leftover debug code vulnerability
An authenticated admin user with access to both the management WebUI and command line interface on a Firebox can enable a diagnostic debug shell by uploading a platform and version-specific diagnostic package and executing a leftover diagnostic command. This issue affects Fireware OS: from 12.0...
Supply Chain Attack
@metamask/sdk, @metamask/sdk-communication-layer, and @metamask/sdk-react are vulnerable to Supply Chain Attack. The vulnerability is due to a compromised debug package that injected malicious code, allowing attackers to intercept or tamper with dApp-to-wallet communications...
Malicious code in flight-debug (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f68e2b41ce41ec300d19a5bfea6143aa90273b03ad4b7016083389bfd14919fe Any computer that has this package installed or running should be considered...
EUVD-2025-29226
Malicious code in bioql PyPI...
GHSA-4X49-VF9V-38PX debug@4.4.2 contains malware after npm account takeover
Impact On 8 September 2025, the npm publishing account for debug was taken over after a phishing attack. Version 4.4.2 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker's own...
debug@4.4.2 contains malware after npm account takeover
Impact On 8 September 2025, the npm publishing account for debug was taken over after a phishing attack. Version 4.4.2 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker's own...
CVE-2025-59144
debug is a JavaScript debugging utility. On 8 September 2025, the npm publishing account for debug was taken over after a phishing attack. Version 4.4.2 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency...
Embedded Malicious Code
Overview debug is a small debugging utility. Affected versions of this package are vulnerable to Embedded Malicious Code. This package version contains malicious code that monitors network traffic when run in a browser and targets crypto transactions. The injected malicious code activates a hook...
CVE-2025-59144
CVE-2025-59144 concerns the npm package debug. On 8 Sep 2025, the npm publishing account was taken over via phishing and version 4.4.2 was published with a malware payload that attempts to redirect cryptocurrency transactions in browser environments (e.g., via direct script inclusion or bundlers...
CVE-2025-59144 debug@4.4.2 contains malware after npm account takeover
debug is a JavaScript debugging utility. On 8 September 2025, the npm publishing account for debug was taken over after a phishing attack. Version 4.4.2 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency...
MetaMask SDK indirectly exposed via malicious debug@4.4.2 dependency
Who is affected? This advisory only applies to developers who use MetaMask SDK in the browser and who, on Sept 8th 2025 between 13:00–15:30 UTC, performed one of the following actions and then deployed their application: - Installed MetaMask SDK into a project with a lockfile for the first time -...
When Dependencies Turn Dangerous: Responding to the NPM Supply Chain Attack
On September 8, 2025, attackers compromised a set of 18 widely used npm packages—including chalk, debug, ansi-styles, and strip-ansi—collectively downloaded over 2.6 billion times per week. Through a targeted phishing campaign against a maintainer, the attackers published malicious versions...
Widespread npm Supply Chain Attack: Breaking Down Impact & Scope Across Debug, Chalk, and Beyond
A deeper look at the npm debug/chalk supply-chain incident: deobfuscating the wallet-hijacking browser interceptor, quantifying the 2-hour exposure with Wiz telemetry (99% package prevalence, 10% malware presence), and unpacking what made it spread so fast...
npm Packages With 2 Billion Weekly Downloads Hacked in Major Attack
Aikido Security flagged the largest npm attack ever recorded, with 18 packages like chalk, debug, and ansi-styles hacked…
Embedded Malicious Code
Overview debug is a small debugging utility. Affected versions of this package are vulnerable to Embedded Malicious Code. This package version contains malicious code that monitors network traffic when run in a browser and targets crypto transactions. The injected malicious code activates a hook...
PT-2025-37746
Name of the Vulnerable Software and Affected Versions debug versions 4.4.2 Description The npm publishing account for debug was compromised following a phishing attack on September 8, 2025. Version 4.4.2 was published with a malicious payload designed to redirect cryptocurrency transactions withi...
MAL-2025-23272 Malicious code in interface-cloud-class-benchmark-debug (npm)
The package interface-cloud-class-benchmark-debug was found to contain malicious code...
Malicious code in interface-cloud-class-benchmark-debug (npm)
The package interface-cloud-class-benchmark-debug was found to contain malicious code...
Autocaliweb Information Disclosure Vulnerability
Autocaliweb is a web management platform by individual developer Phoenix Paulina Schmid. An information disclosure vulnerability exists in Autocaliweb versions prior to 0.8.3, which stems from a debug package that exposes sensitive configuration data, potentially leading to API key disclosure...