Decoding Q1 2026’s $152.9 Billion Crypto Custody Concentration

Crypto Custody Concentration hits $152.9B as institutions shift to derivatives, consolidating capital on top exchanges amid Q1 market slowdown...

CVE-2026-24471

continuwuity is a Matrix homeserver written in Rust. This vulnerability allows an attacker with a malicious remote server to cause the local server to sign an arbitrary event upon user interaction. Upon a user account leaving a room rejecting an invite, joining a room or knocking on a room, the...

Malicious code in bellatrix-websockets-filament-biohacking (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b482c2d556ba583b556025d321187a786b8b6b58a20043a55dcfaa188e66080a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in uranology-less-markdown-pdf-eclipse (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5c7bd429984bdfad6fb783aa98cdd8ab753a86703687e1e723fc3a2e3aee022d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in soap-wasat-frontend-astroinformatics (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 035f9ef7998b394d382afc13f9209220a634c21114f0432767956685d56e9cf2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in fusion-gammarayburst-magnetosphere-child-process (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2f8f77eac23d4f77219dc3dd38e3e9549d7347f9797f1f0094e9a201751610b1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in apollo-areology-tardigrade-tailwindcss (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ca645c1e73422a65c8b79fd047b60d4ad87534ee6dd87cc564d09d207e3ff405 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in hydra-helmet-terser-webpack-plugin-ignite (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 33dbdfc3aeaf126c1ce24cb78ecb3e956771efcf6d0cb9a2a8be189ba3b1c57c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in local-jasmine-gammarayburst-delphinus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d7ca518ad3274ecd8b9b330927a7839396f389f138e82a934647325eb4e447a2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in jekyll-nightmare-juno-eclipse (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 720b0955abd011ee1ffc556684896bfc2c599a4b61ff0568122dda4e4e07ee8d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in fusion-gravity-css-loader-perseus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 52baf9ca8ebdb49763df8f528108db23d21f441b6cd5d8a94e2be0ad3edd8db5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in spinner-proxima-cybernetics-cosmochemistry (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7452dbccf4e36bdc41bf89259059d35e9ad079945737d08d43590057286583d9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in figures-proxima-sedna-envconfig (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 92d0b9329c538d56e5c03a9784fb71627128b7a5d0af3687c492dcdac386fa18 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in miranda-gacrux-stratigraphy-node-sass (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 06412ef9850be1e7a1ccd8f1007f1b16b41bc66dcde0d734ed417f747e5780c9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in xo-castor-frontend-indus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 075c29e54a9911238abd8798bbb7fef42b22c93a5a8aa1a39d9fa0bf36cc7c7a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in terser-webpack-plugin-rollup-plugin-cybernetics-lacerta (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c6b7843b7f7891a049059218853ee6c6a14322926fe06a83bd6cb691a16048b9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in cache-less-venus-supercluster (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 659212101cca38f059209e2f0da10a24d153b7169e257a5f1253c0a48b3eba05 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in table-rho-deserialize-authorize-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 676733ffec7a87fb7924febd613837bf69e942ad15ee542b5df5d85fe0246fcf This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in metalsmith-ganymede-gravitationalwave-biogeochemistry (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cd371531b6504d7302f781d1d49aa918cc42e03fda931b017ec70b39844a114a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in paleoecology-tardigrade-express-rocket (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ab02d785c1af544c7c0c174e3a90bdc47d16a2f816fbd258d3b669ccf44e59ef This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...