9 matches found
`polymarkets-rs-clob-client` was removed from crates.io for malicious code
This is part of an ongoing campaign to attempt to typosquat crates in the polymarket-client-sdk ecosystem to exfiltrate user credentials. The malicious crate had 1 version published on 2026-02-19 approximately 20 hours before removal and had no evidence of actual downloads. There were no crates...
RUSTSEC-2026-0016 `polymarkets-rs-clob-client` was removed from crates.io for malicious code
This is part of an ongoing campaign to attempt to typosquat crates in the polymarket-client-sdk ecosystem to exfiltrate user credentials. The malicious crate had 1 version published on 2026-02-19 approximately 20 hours before removal and had no evidence of actual downloads. There were no crates...
EUVD-2021-1031
Malware in sbrugna...
Widespread Supply Chain Compromise Impacting npm Ecosystem
CISA is releasing this Alert to provide guidance in response to a widespread software supply chain compromise involving the world’s largest JavaScript registry, npmjs.com. A self-replicating worm—publicly known as “Shai-Hulud”—has compromised over 500 packages. After gaining initial access, the...
MAL-2024-11965 Malicious code in dependency-review-action (npm)
Source: ghsa-malware (fb9bad81419f4cfa2078b1228e521070aa1d15f91e26a58d7ee754871cd614c2). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in dependency-review-action (npm)
Source: ghsa-malware (fb9bad81419f4cfa2078b1228e521070aa1d15f91e26a58d7ee754871cd614c2). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
5 ways to find and fix open source vulnerabilities
Guest post by Limor Wainstein. A recent discovery of surreptitious execution of cryptomining code by a sandboxed app, riding piggyback on the open source software (OSS) ecosystem, raises pertinent questions about the security of open source code and its dependencies. Programmers often use OSS as a...
OPENSUSE-SU-2018:0589-1 Security update for go
This update for go fixes the following issues. Security issues fixed in version 1.9.4: CVE-2018-6574: 'go get' remote command execution during source code build (bsc1080006). Bug fixes: bsc1082409: Review dependencies requires, recommends and supports. This update was imported from the...
OPENSUSE-SU-2018:0588-1 Security update for go
This update for go fixes the following issues. Security issues fixed in version 1.9.4: CVE-2018-6574: 'go get' remote command execution during source code build (bsc1080006). Bug fixes: bsc1082409: Review dependencies requires, recommends and supports. This update was imported from the...