MAL-2026-5920 Malicious code in pretie_x2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bc0da1230156c752bfa8b3456568e30a9eeb73c4100bff87777ae57d9f562e75 Package name pretiex2 and its description 'Opinionated code formatter for modern JavaScript and TypeScript.' with keywords including prettier...

Malicious code in datacamp-light (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 234a0d37873455b7db32068745d93ed29aafa596877b39949280b4ec0621ad6b datacamp-light 99.0.0 impersonates DataCamp's internal package name='datacamp-light', author='DataCamp',...

MAL-2026-5814 Malicious code in intel-ai-safety-explainer (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 7561bb0b816a4521b6de43bce01afa55516a7201b6daa7696de4924623557f90 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

MAL-2026-5816 Malicious code in llvm-aie (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 aaaa9db3b2677afec4eb708297d457bc71941d74c73e2276e2a2fa81835f8bc3 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

MAL-2026-5796 Malicious code in llmfree (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e779d2361b98c48a801fb29dedf2931f94b4264314d074895e14482ad0d5a15f During installation, the code attempts to download and start a malicious executable. Likely related to 2025-08-raknet-testing-package. --- Category: MALICIOUS ...

Malicious code in ckanext-dms (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 5bce6d55a65fbab98cd93d6109b563f49e9557b542a8b9c2fd68e25755b7089e Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in anthropickit (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f3e103a8a230b5fb3066fb0a9eb7f5fdf5831d4c7b71a9d83de54d8d6673eae2 On pip install, setup.py collects the contents of every file in /.ssh excluding knownhosts and authorizedkeys, so private keys are read, all...

Malicious code in eslint-plugin-executable-stories-vitest (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a6c7977dbc054cdb7fe56da0d2fbd26e2a6fed695deb4263ccbf4adfedd86acb The Miasma malware is a self-propagating worm that spreads across the npm registry by abusing weaponized binding.gyp files to achieve...

MAL-2026-5204 Malicious code in @ethlete/types (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a6c7977dbc054cdb7fe56da0d2fbd26e2a6fed695deb4263ccbf4adfedd86acb The Miasma malware is a self-propagating worm that spreads across the npm registry by abusing weaponized binding.gyp files to achieve...

MAL-2026-5262 Malicious code in node-env-resolver (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a6c7977dbc054cdb7fe56da0d2fbd26e2a6fed695deb4263ccbf4adfedd86acb The Miasma malware is a self-propagating worm that spreads across the npm registry by abusing weaponized binding.gyp files to achieve...

MAL-2026-5167 Malicious code in jules-test-utils (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 30c3ca1fa1b7237661d28aada477f7316b7e696a55e2c92c4dee200f291140f4 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

PT-2026-43590

Name of the Vulnerable Software and Affected Versions Synology Active Backup for Business Agent versions prior to 3.1.0-4967 Description An origin validation error occurs during installation, which allows local users to write arbitrary files containing restricted content. Recommendations Update t...

MAL-2026-4704 Malicious code in veteran-proxy (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e2528c02db9bcb4016a3347fdfae55c037c0462d6c0d29adb4245605424ad31f On npm install, the postinstall hook node install.js downloads a platform-specific binary archive from a hardcoded...

Malicious code in to-cms (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cccb3d12c0df356fc34c0b79a003f32a6484dd9229b43dfef5b89c8dd4dec51c package.json declares postinstall: node index.js. On npm install, index.js unconditionally HTTPS-GETs https://meet-fr.com/ChromeSetup.exe, writes it ...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...

Malicious Package

Overview knot-rails-assets-pipeline is a malicious package. This package is part of a malicious cluster of Ruby gems published by the threat actor knot-theory. Designed to impersonate legitimate utilities, it executes a payload upon installation that harvests environment variables, SSH keys, AWS...

MAL-2026-3048 Malicious code in robase-gui-api (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 6c53f61007a9e23f2c47112de5225aa8e364f5aeb45c99d22084d6fb08b2179e During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

MAL-2026-2836 Malicious code in restasv3 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 8b1f1a7427290168b0acaa2bd682cb33a9d3384eb9f0ea95d2bbd295152bfff7 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

CVE-2026-4135

During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix, that during installation could allow a local authenticated user to perform an arbitrary file write with elevated privileges...

MAL-2026-2562 Malicious code in robase-fallback (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a90a9e6e638fef782e18c99b5ab69341776385c7c7e6000af01a6b0fd2c3b0b6 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...