MAL-2026-5640 Malicious code in ecto-corsair-whisper-6f3b9 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8695ea17273c804f1a58e6c0b877de280f7472622065964245deb85cc62dae20 The package declares a postinstall lifecycle hook postinstall.js that runs automatically on npm install. The script shells out via curl to the EC2...

Malicious code in @0xlr/prisma-client-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b993c29d90c2ecfffaa9ed55b99c38e5351052e619b79ad2a385d6c72376f0f4 On npm install, postinstall.js enumerates all of process.env, collects hostname, username, homedir, cwd, argv, platform/arch/release, memory and CPU...

Malicious code in dit-envv (npm)

dit-envv is a typosquatting package impersonating dotenv, the widely-used environment variable loader. The package bundles the legitimate dotenv source and documentation to appear functional while hiding a credential-theft payload in index1.js, executed at install time via the postinstall script...

telnet security update

CentOS Errata and Security Advisory CESA-2005:504 Merged security bulletin from advisories: https://lists.centos.org/pipermail/centos-announce/2005-June/074020.html https://lists.centos.org/pipermail/centos-announce/2005-June/074022.html...