Decoding Q1 2026’s $152.9 Billion Crypto Custody Concentration

Crypto Custody Concentration hits $152.9B as institutions shift to derivatives, consolidating capital on top exchanges amid Q1 market slowdown...

CVE-2026-24471

continuwuity is a Matrix homeserver written in Rust. This vulnerability allows an attacker with a malicious remote server to cause the local server to sign an arbitrary event upon user interaction. Upon a user account leaving a room rejecting an invite, joining a room or knocking on a room, the...

Malicious code in levels-lacerta-entanglement-entanglement (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 16642552a6d597c86591a4a1cbb8f43b1ad3684cde6618a09349b8f72810b1d1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in beta-try-omicron-orchestrate-analyze (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b40241994a51d236f94131d470823d6b7102b40d2be0b6ee91870c93a7ef67ad This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in saturnology-fomalhaut-geckodriver-resolvers (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b2caba52a6e0c88328d81e8c122e414d91225f1c1fc9d17f8a5aed4ff943da7c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in solis-semantic-release-pm2-css-minimizer-webpack-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 25f3fbcd8cfd3f79b4077a30db2336a9949bd3aed84da84464d9498779874eb6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in deimos-koa-build-figures (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0a36c41fcb310eff78aafc5e8df244c1040a53162533a3e6f7026cd926873e7c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in double-decode-encrypt-cache-bundle (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a2dd120085360bd941b6b618bfba167ef9076e6663bd3af7dc247e1b7a6588f5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in iota-aether-hawkingradiation-augmentedreality (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9e0a7a9c4b6adbb29d416747efaefe914079d8722fce2307a0b32e37ccc5eb06 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in lambda-quick-monitor-optimize-book (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 31413bacc2a8d809baaa17d8864f2dd01df960cc2b18b4f74b66136f795d7828 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in css-loader-iota-celeste-electron (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d1a6b13fa0fe3ce78be3d5056c24ebef487000d78e816da9cf71322e731db798 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in warn-array-container-grid-stub (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1fc1c40e8556a40bb1303463fa81490f6a1cd507d53c7b15d0ccee323cc63deb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in star-private-minify-bad-compress (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2c073ea8c71ff7c1c682370bd5c071b312cff6ebdf04d0b7966fe8d9f0e529a9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in xml-ganymede-blackhole-chalk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 88f9155b2d8ce820717206738c409a6b5bd08e2b6d23bf512466d5e1be776f14 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in epsilon-bash-sigma-tree-scale (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 52d28814c9273e5485edabd3f7886de05ba4b3bb5991d48da9ab724dcf3baaeb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in unuk-mui-antares-neuromorphic (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1f1ec361b50b97c7e7b7ab5f49059900ab7878e6ffac9899246ded9fccc19d11 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in spectron-mini-css-extract-plugin-enif-commitizen (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 77bf4632685f048e884c1d50e6b8ad6399db3c7078098bf8b61b8d61dd7d4b35 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in halley-pm2-semantic-ui-commitlint-config-angular (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 207baa0abd8ece63fe60c3b6ed72245a1fbd0ab7acbb419f0f280f5e15470fb9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in got-lynx-greatfilter-betelgeuse (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dfb1e5ae3602ba1d907e123d07c8bb75e62724ff1d8078775eb901682291c03f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in phenomic-metalsmith-neptune-fornax (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 40a3e947e7e13e33325e88989cd6115c193af7ef059f6904daade611693e4fa9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...