Malicious code in symphony-markdown (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d8ac47d747638835685ead66cf3fe6fc737f93e540093a4f94b0148b45db3c3e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-10818 Malicious code in tautoak4-hello-world (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis f0a170170a102f43fd03d3b08bbcb53a572a5f48cde13250b3059ff3b332404a The OpenSSF Package Analysis project identified 'tautoak4-hello-world' @ 1.0.0 npm as malicious. It is considered malicious because: - The packa...
MAL-2024-10712 Malicious code in aptos-mint (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 36708bd8a484a66c209db0503bcb408bda289bc62ccb62bf603f1351229362ea The OpenSSF Package Analysis project identified 'aptos-mint' @ 0.0.1 npm as malicious. It is considered malicious because: - The package...
Malicious code in yarn2nix (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 926aa0eee20951e4172e721ccd2f312b8bf8b7f4618dd28b4f54cde9acdc76d8 The OpenSSF Package Analysis project identified 'yarn2nix' @ 1.3.4 npm as malicious. It is considered malicious because: - The package...
MAL-2024-10546 Malicious code in sa11y-monorepo (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c6d5bafaebfdac1f978717befc53c254b49402446987a1ab641393d3aa341bd1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-10543 Malicious code in nordic-dev (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1d092883ffa5f152a8f2a83ea9b516dc1228960983868316a9dd74fd197f6b43 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-10474 Malicious code in verifypoc (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis c595859885b469030e044b6604a0e533f4f5508c8ef28c96da2319428bfc600f The OpenSSF Package Analysis project identified 'verifypoc' @ 1.0.1 npm as malicious. It is considered malicious because: - The package...
Malicious code in evernote-thrift (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 0cafc1fbe5d3aca2d0d736873649060e6c9dce551db713b3d91723a78f9a2f22 The OpenSSF Package Analysis project identified 'evernote-thrift' @ 1.4.8 npm as malicious. It is considered malicious because: - The package...
MAL-2024-10308 Malicious code in vpsnet-website (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5a6306e16dc768df2420085aa5f4943c50eb1d96ddd9040f840df1b8f7b256b5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-10241 Malicious code in youreallydontwantthispackage2131 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 8bca93b1825c930118e85cc054305e6aef120080f8cc68233467eb6ee7b3ff1d Installing the package attempts to exfiltrate GCP tokens. As it uses random names and/or targets specific accounts, it's most probably a pentest. --- Categor...
MAL-2024-9305 Malicious code in ts-calling-test-app (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 0db756d26a3007b10201297415dfaa2cf6315b37f9ef0b88fa32feac6aaf42bd The OpenSSF Package Analysis project identified 'ts-calling-test-app' @ 1.999.0 npm as malicious. It is considered malicious because: - The...
CVE-2024-46088
An arbitrary file upload vulnerability in the ProductAction.entphone interface of Zhejiang University Entersoft Customer Resource Management System v2002 to v2024 allows attackers to execute arbitrary code via uploading a crafted file...
MAL-2024-9267 Malicious code in innostage-group (PyPI)
The package contains code to download and execute a reverse shell script. --- -= Per source details. Do not edit below this line.=- Source: kam193 9d0f2f6104de4772268a20f51e009797c0c4b0740d18d98d730417fdafdfb052 When imported, the package downloads and runs a remote stage - a reverse shell. To mas...
Malicious code in cloudflare-docs-starlight (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis cc416353baa88972c0106ceb1b2fa7077b9cfbcd687be15e44c70ee5edc0c526 The OpenSSF Package Analysis project identified 'cloudflare-docs-starlight' @ 1.1.1 npm as malicious. It is considered malicious because: - The...
Malicious code in gui-timbuctoo-emlo (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 51bc1fd493706f789fb72e128dba57e378ccd77ed131e6820d8d5cd2dbbb4bc9 The OpenSSF Package Analysis project identified 'gui-timbuctoo-emlo' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...
MAL-2024-8978 Malicious code in mobilistensampleapp (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ba7ba55325dffb35b659c0188a1e985d27d4bd66b134d9b73d0008ce1b88a034 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-8930 Malicious code in @the-c-company/scope_packages (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 36ddd29067e6d60944a4f72e473733f61a21a1f7bd5c731b167d44236a178fbd The OpenSSF Package Analysis project identified '@the-c-company/scope_packages' @ 1.0.0 npm as malicious. It is considered malicious because: - T...
MAL-2024-8849 Malicious code in video.min (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 1b2a0713372942343830cd53ad3ad5ffe4dcf7e827523510ef79e32b38f67db3 The OpenSSF Package Analysis project identified 'video.min' @ 1.0.22 npm as malicious. It is considered malicious because: - The package...
Malicious code in proto-google-cloud-dlp-v2beta1 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 1d21bb408ed0e178e23e5b4face7188968fd711ea7ceab009b9d04e6a508740d Generic campaign for all likely research / pentests, where the amount or art of collected data raises questions about the privacy, security and ethical side. -...
MAL-2024-8732 Malicious code in @desesap289/dev_dependency (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis ac047c7ec6034e7a80c74ca32646da104b86b3f39c46f7f836deeebebeb53b20 The OpenSSF Package Analysis project identified '@desesap289/dev_dependency' @ 10.20.9 npm as malicious. It is considered malicious because: - Th...