Decoding Q1 2026’s $152.9 Billion Crypto Custody Concentration

Crypto Custody Concentration hits $152.9B as institutions shift to derivatives, consolidating capital on top exchanges amid Q1 market slowdown...

CVE-2026-24471

continuwuity is a Matrix homeserver written in Rust. This vulnerability allows an attacker with a malicious remote server to cause the local server to sign an arbitrary event upon user interaction. Upon a user account leaving a room rejecting an invite, joining a room or knocking on a room, the...

Malicious code in bellatrix-websockets-filament-biohacking (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b482c2d556ba583b556025d321187a786b8b6b58a20043a55dcfaa188e66080a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in uranology-less-markdown-pdf-eclipse (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5c7bd429984bdfad6fb783aa98cdd8ab753a86703687e1e723fc3a2e3aee022d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in soap-wasat-frontend-astroinformatics (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 035f9ef7998b394d382afc13f9209220a634c21114f0432767956685d56e9cf2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in fusion-gammarayburst-magnetosphere-child-process (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2f8f77eac23d4f77219dc3dd38e3e9549d7347f9797f1f0094e9a201751610b1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in miranda-gacrux-stratigraphy-node-sass (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 06412ef9850be1e7a1ccd8f1007f1b16b41bc66dcde0d734ed417f747e5780c9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in xo-castor-frontend-indus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 075c29e54a9911238abd8798bbb7fef42b22c93a5a8aa1a39d9fa0bf36cc7c7a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in terser-webpack-plugin-rollup-plugin-cybernetics-lacerta (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c6b7843b7f7891a049059218853ee6c6a14322926fe06a83bd6cb691a16048b9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in cache-less-venus-supercluster (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 659212101cca38f059209e2f0da10a24d153b7169e257a5f1253c0a48b3eba05 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in table-rho-deserialize-authorize-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 676733ffec7a87fb7924febd613837bf69e942ad15ee542b5df5d85fe0246fcf This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in metalsmith-ganymede-gravitationalwave-biogeochemistry (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cd371531b6504d7302f781d1d49aa918cc42e03fda931b017ec70b39844a114a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in paleoecology-tardigrade-express-rocket (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ab02d785c1af544c7c0c174e3a90bdc47d16a2f816fbd258d3b669ccf44e59ef This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in new-user-static-awk-zeta (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c9f9dcf7eed16e352a4e0fcdb4e1c39ec368864e56f59a7c610fef54ab9b66cb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in radioastronomy-mongoose-inquirer-hyperion (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 98b90a3ad43fd3d17f857f0d6f4fe80c069a4b11b70c9356b9193d840d067320 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in terser-webpack-plugin-nucleosynthesis-hadron-taurus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d9369464ddb44df2eb49a987731c6b712db57570302fd3f325530a2afb053126 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in carpo-mdx-comet-hyperion (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4595409170e260ff1842190bade73fd00f5722cb17fc89c590765a3a6244b293 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in dysonswarm-gulp-dendrochronology-iota (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector df2900cd899be02f8b927b3a22067e8f4e1e87d3b8ee57a7ad44205167f4a2bb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in bunyan-redis-capella-html-webpack-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 56b9ec0c5fa82205dee259b73ad694a1c72663bb5a0d4d0e23c5bbbfbe461f40 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in kaus-triton-sadr-aurora (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ea9faf4f30b1aac05c7e7a00fe9b84e14833a19549318de6dae1371066e68ffd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...