Lucene search
K

103 matches found

OSV
OSV
added 4 days ago3 views

MAL-2026-6692 Malicious code in polymarket-trading-developer-tools (npm)

Malicious npm package published as part of a coordinated DeFi-themed infostealer campaign targeting Polymarket developers. polymarket-trading-developer-tools uses a dropper technique: a postinstall hook downloads configuration from pm-trading-dev-tools-be.vercel.app and exfiltrates data to the...

6AI score
Exploits0References3
OSV
OSV
added 2026/06/09 7:55 a.m.10 views

MAL-2026-5354 Malicious code in defi-tools-39 (npm)

Crypto/SSH/wallet stealer, blockchain-helper-0 campaign sibling c960+, byte-identical to swap-sdk-87. postinstall auto-execs, src/index.js harvests /.ssh keys + Sol/Eth/BTC/Tron/Sui/Aptos wallets + .env + seeds, self-labels "CRYPTO STEALER", exfils to SAME Telegram bot 8227918239 chat 6433587894...

5.6AI score
Exploits0References2
GithubExploit
GithubExploit
added 2026/06/07 4:26 a.m.87 views

defi-exploit-pipeline

DeFi Exploit Pipeline Pipeline otomatis untuk menganalisis sm...

5.5AI score
Exploits0
Snyk
Snyk
added 2026/05/23 9:0 p.m.13 views

Malicious Package

Overview defi-risk-scanner is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package was linked to a supply chain attack and contained code designed to steal developer secrets, crypto wallets, SSH keys, and cloud...

9.8CVSS5.8AI score
Exploits0References2
OSV
OSV
added 2026/05/22 8:31 p.m.8 views

MAL-2026-4260 Malicious code in defi-risk-scanner (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5a8385c44127ab4250664e1324009461ae329e3684948d692cc679962d59f818 On first import defiriskscanner, the package's top-level init.py unconditionally runs curl -sL...

6AI score
Exploits0References6
Snyk
Snyk
added 2026/05/22 2:42 a.m.8 views

Malicious Package

Overview defi-threat-scanner is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/22 2:42 a.m.11 views

Malicious Package

Overview defi-env-auditor is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
OSV
OSV
added 2026/05/21 12:0 a.m.9 views

MAL-2026-4205 Malicious code in defi-threat-scanner (npm)

A coordinated supply-chain attack comprising 10 npm packages published by maintainer ddjidd5640 [email protected] within a 48-hour window 2026-05-19T03:55Z – 2026-05-21T04:31Z. All packages masquerade as legitimate Web3/DeFi developer security tools MCP servers while silently exfiltrating...

5.8AI score
Exploits0References16
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/20 10:34 p.m.15 views

Malicious code in defi-env-auditor (npm)

A coordinated supply-chain attack comprising 10 npm packages published by maintainer ddjidd5640 [email protected] within a 48-hour window 2026-05-19T03:55Z – 2026-05-21T04:31Z. All packages masquerade as legitimate Web3/DeFi developer security tools MCP servers while silently exfiltrating...

5.9AI score
Exploits0References16
OSV
OSV
added 2026/05/20 10:34 p.m.9 views

MAL-2026-4204 Malicious code in defi-env-auditor (npm)

A coordinated supply-chain attack comprising 10 npm packages published by maintainer ddjidd5640 [email protected] within a 48-hour window 2026-05-19T03:55Z – 2026-05-21T04:31Z. All packages masquerade as legitimate Web3/DeFi developer security tools MCP servers while silently exfiltrating...

5.9AI score
Exploits0References16
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/20 10:20 p.m.10 views

Malicious code in solidity-deploy-guard (npm)

A coordinated supply-chain attack comprising 10 npm packages published by maintainer ddjidd5640 [email protected] within a 48-hour window 2026-05-19T03:55Z – 2026-05-21T04:31Z. All packages masquerade as legitimate Web3/DeFi developer security tools MCP servers while silently exfiltrating...

5.8AI score
Exploits0References15
GithubExploit
GithubExploit
added 2026/04/28 12:10 p.m.143 views

codex-solidity

⛓️ Codex Solidity — Smart Contract & Protocol Audit Agent Imp...

5.5AI score
Exploits0
The Hacker News
The Hacker News
added 2026/04/23 1:17 p.m.8 views

ThreatsDay Bulletin: $290M DeFi Hack, macOS LotL Abuse, ProxySmart SIM Farms +25 New Stories

You scroll past one incident and see another that feels familiar, like it should have been fixed years ago, but it still works with small changes. Same bugs. Same mistakes. The supply chain is messy. Packages you did not check are stealing data, adding backdoors, and spreading. Attacking the...

9.8CVSS8.2AI score0.06996EPSS
Exploits6
GithubExploit
GithubExploit
added 2026/01/30 2:14 a.m.161 views

DeFiHackLabs-skill

DeFi Vulnerability Analysis Skills This directory contains a...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2025/12/04 11:58 a.m.12 views

ThreatsDay Bulletin: Wi-Fi Hack, npm Worm, DeFi Theft, Phishing Blasts— and 15 More Stories

Think your Wi-Fi is safe? Your coding tools? Or even your favorite financial apps? This week proves again how hackers, companies, and governments are all locked in a nonstop race to outsmart each other. Here's a quick rundown of the latest cyber stories that show how fast the game keeps changing...

7.3AI score
Exploits0
HackRead
HackRead
added 2025/10/27 2:0 p.m.2 views

1inch partners with Innerworks to strengthen DeFi security through AI-Powered threat detection

London, United Kingdom, 27th October 2025, CyberNewsWire...

7AI score
Exploits0
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-33784

Malicious code in bioql PyPI...

6.1CVSS8.6AI score0.00574EPSS
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.4 views

Malicious code in cro-defi-swap-periphery (npm)

The package cro-defi-swap-periphery was found to contain malicious code...

7AI score
Exploits0
OSV
OSV
added 2025/08/14 6:52 p.m.3 views

MAL-2025-17690 Malicious code in cro-defi-swap-periphery (npm)

The package cro-defi-swap-periphery was found to contain malicious code...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/20 12:0 a.m.2 views

Towards Verifiability of Total Value Locked (TVL) in Decentralized Finance

Total Value Locked TVL aims to measure the aggregate value of cryptoassets deposited in Decentralized Finance DeFi protocols. Although blockchain data is public, the way TVL is computed is not well understood. In practice, its calculation on major TVL aggregators relies on self-reports from...

6.9AI score
Exploits0
Rows per page
Query Builder