EUVD-2025-201134

Malicious code in email-validated npm...

MAL-2025-192292 Malicious code in email-validated (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 16af72446800f2251ecdda400ad30c23637f628d1487ae5c911bb4283e3fe10c The package email-validated was found to contain malicious code. Source: ghsa-malware 9f2a0d9794c8d949cc051fe3c306af63ddb55b6848d0607ef1f5d332585a2fc...

Malicious code in email-validated (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 16af72446800f2251ecdda400ad30c23637f628d1487ae5c911bb4283e3fe10c The package email-validated was found to contain malicious code. Source: ghsa-malware 9f2a0d9794c8d949cc051fe3c306af63ddb55b6848d0607ef1f5d332585a2fc...

Malicious Package

Overview email-validated is a malicious package. This package contains malicious code associated with a social engineering campaign called "Contagious Interview." The attackers target developers through fake job interviews or coding test assignments that require the installation of this package...

Code injection

eM Client before 7.2.33412.0 automatically imported S/MIME certificates and thereby silently replaced existing ones. This allowed a man-in-the-middle attacker to obtain an email-validated S/MIME certificate from a trusted CA and replace the public key of the entity to be impersonated. This enable...