548 matches found
MAL-2026-10214 Malicious code in babel-preset-lib-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4274de0136aa69f8b0f4eba03412c7809a1b8c2446bb3ed7f6de1333475aa4c4 index.js, the package main, runs a load-time IIFE that collects OS platform and architecture, hostname, username, private and public IP via...
CVE-2026-12375 Uncanny Automator Pro 7.3.0.5 - Backdoor via Compromised Vendor Update Server
The uncanny-automator-pro WordPress plugin before 7.3.0.6 was distributed with malicious code after the vendor's uncanny-automator-pro WordPress plugin before 7.3.0.6 update/distribution infrastructure was compromised; the injected backdoor grants unauthenticated attackers an administrator sessio...
MAL-2026-6865 Malicious code in polymarket-onchain-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 73556a574d8ee416a5440f889b73cafff3b464650d6b2b2caf4001ce15086f6c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-10224 Malicious code in @idms-corp/auth-ui (npm)
The @idms-corp/auth-ui package was published to the npm registry by user 'click2ai' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name mimics the internal/private package naming convention of a target organization the @idms-cor...
MAL-2026-10221 Malicious code in @flex-ng/error-component (npm)
The @flex-ng/error-component package was published to the npm registry by user 'click2ai' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name mimics the internal/private package naming convention of a target organization the...
Malicious code in horde-python-client (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f2ae9afcd7af22c82b137c1142ae643502d82f3d1f28712b2e5c7ec412bea85e horde-python-client 99999.0.0 is a dependency-confusion lure. On import hordepythonclient, a daemon thread unconditionally POSTs a JSON payload...
Malicious code in epic-build-scripts (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 14d466b50466bb93e6e9130d18e67b680c7255beecafe16043dc5ee51bfec886 On import epicbuildscripts, the package's top-level init spawns a background thread that POSTs a JSON payload containing socket.gethostname, the...
MAL-2026-6733 Malicious code in epic-build-scripts (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 14d466b50466bb93e6e9130d18e67b680c7255beecafe16043dc5ee51bfec886 On import epicbuildscripts, the package's top-level init spawns a background thread that POSTs a JSON payload containing socket.gethostname, the...
MAL-2026-6735 Malicious code in ue-python-tools (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 66a6d9d874ce102a9ac674f8f713472a473007dc3d51adb869c5198afc708751 On import uepythontools, the package spawns a background thread that issues an HTTP POST to http://109.123.247.172/pypi carrying a JSON payload...
Malicious code in velocityfix (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c937a54c3629f80fb7b92fbdafda502706b6028b43bc4675eb30c55d9bc059e9 Package masquerades as 'Performance fixes for Minecraft Velocity proxy' authored by 'Velocity Team' — Velocity is a Java project from PaperMC and has...
Malicious code in leo-streams (npm)
The leo-streams npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the LeoPlatform...
Malicious code in zod-pino (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c536e5a7ee3d5542e1ac822b30ba4525e52b2ae0c964d0c2470468d91b9b41c8 The package is published under a name suggesting a Pino logger integration for Zod, but the tarball contents do not match that purpose and exhibit...
MAL-2026-6236 Malicious code in query-profile (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7e5505d198ffea0cc608cbcd89e3d8fbe236f4d4ac532425b0e042c52bf87efe This package's metadata and README openly declare it as a dependency-confusion proof-of-concept that registers a PyPI name referenced in Apple's...
Malicious code in uol-simple-api-futebol (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 962c38ed6ec061ce6a530aeea5a960dfc2b75caec56f7a1bc648f6b6cb655271 The package's only documented function, getJogos default export, unconditionally invokes an internal helper named prepareCacheMatchs which POSTs the...
MAL-2026-5828 Malicious code in ogd-platform (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f17f2c263db2adee12698bd9046668b9b674bcdf063b959f54841914a6028931 The package contains only a package.json with a preinstall lifecycle script and ships no actual functionality despite advertising itself as an 'Open...
MAL-2026-5820 Malicious code in node-scraper (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 52aa9bb0c23cd9126412a9477da59431309521a78dd65e807b7dd198367d0a83 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in dispatch-internal-plugins (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 5993e79eab55ecc24ada6a4bce88f580c958499d51d0d7472e74aad904648964 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in gigl-core (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 28903f76bed2e89a18c9c276d62c95bb089a091020f89f35f7d2800ef6a3bce3 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2026-5811 Malicious code in gigl-core (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 28903f76bed2e89a18c9c276d62c95bb089a091020f89f35f7d2800ef6a3bce3 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2026-5818 Malicious code in mlir-aie (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 b322e48aca1ca0a746c94d2a935756a1303b61a1530cf39bedf9f75097269bad Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...