100 matches found
Malicious Package
Overview: defi-risk-scanner is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package was linked to a supply chain attack and contained code designed to steal developer secrets, crypto wallets, SSH keys, and cloud...
MAL-2026-4260 Malicious code in defi-risk-scanner (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5a8385c44127ab4250664e1324009461ae329e3684948d692cc679962d59f818 On first import defiriskscanner, the package's top-level __init__.py unconditionally runs curl -sL...
Malicious Package
Overview: defi-threat-scanner is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview: defi-env-auditor is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2026-4205 Malicious code in defi-threat-scanner (npm)
A coordinated supply-chain attack comprising 10 npm packages published by maintainer ddjidd5640 [email protected] within a 48-hour window (2026-05-19T03:55Z – 2026-05-21T04:31Z). All packages masquerade as legitimate Web3/DeFi developer security tools MCP servers while silently exfiltrating...
Malicious code in defi-env-auditor (npm)
A coordinated supply-chain attack comprising 10 npm packages published by maintainer ddjidd5640 [email protected] within a 48-hour window (2026-05-19T03:55Z – 2026-05-21T04:31Z). All packages masquerade as legitimate Web3/DeFi developer security tools MCP servers while silently exfiltrating...
MAL-2026-4204 Malicious code in defi-env-auditor (npm)
A coordinated supply-chain attack comprising 10 npm packages published by maintainer ddjidd5640 [email protected] within a 48-hour window (2026-05-19T03:55Z – 2026-05-21T04:31Z). All packages masquerade as legitimate Web3/DeFi developer security tools MCP servers while silently exfiltrating...
Malicious code in solidity-deploy-guard (npm)
A coordinated supply-chain attack comprising 10 npm packages published by maintainer ddjidd5640 [email protected] within a 48-hour window (2026-05-19T03:55Z – 2026-05-21T04:31Z). All packages masquerade as legitimate Web3/DeFi developer security tools MCP servers while silently exfiltrating...
codex-solidity
⛓️ Codex Solidity — Smart Contract & Protocol Audit Agent Imp...
ThreatsDay Bulletin: $290M DeFi Hack, macOS LotL Abuse, ProxySmart SIM Farms +25 New Stories
You scroll past one incident and see another that feels familiar, like it should have been fixed years ago, but it still works with small changes. Same bugs. Same mistakes. The supply chain is messy. Packages you did not check are stealing data, adding backdoors, and spreading. Attacking the...
DeFiHackLabs-skill
DeFi Vulnerability Analysis Skills This directory contains a...
ThreatsDay Bulletin: Wi-Fi Hack, npm Worm, DeFi Theft, Phishing Blasts— and 15 More Stories
Think your Wi-Fi is safe? Your coding tools? Or even your favorite financial apps? This week proves again how hackers, companies, and governments are all locked in a nonstop race to outsmart each other. Here's a quick rundown of the latest cyber stories that show how fast the game keeps changing...
1inch partners with Innerworks to strengthen DeFi security through AI-Powered threat detection
London, United Kingdom, 27th October 2025, CyberNewsWire...
EUVD-2024-33784
Malicious code in bioql (PyPI)...
Malicious code in cro-defi-swap-periphery (npm)
The package cro-defi-swap-periphery was found to contain malicious code...
MAL-2025-17690 Malicious code in cro-defi-swap-periphery (npm)
The package cro-defi-swap-periphery was found to contain malicious code...
Towards Verifiability of Total Value Locked (TVL) in Decentralized Finance
Total Value Locked (TVL) aims to measure the aggregate value of cryptoassets deposited in Decentralized Finance (DeFi) protocols. Although blockchain data is public, the way TVL is computed is not well understood. In practice, its calculation on major TVL aggregators relies on self-reports from...
Malicious code in defi-wallet (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c2a9667f769678a9fe048b57918ea5bfd54ef1323131a91f8d9e581feca74948 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-3779 Malicious code in defi-wallet (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c2a9667f769678a9fe048b57918ea5bfd54ef1323131a91f8d9e581feca74948 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in eth-defi (PyPI)
--- -= Per source details. Do not edit below this line.=-...