19 matches found
Malicious Package
Overview @cloudplatform-single-spa/magic-bridge is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization...
Malicious Package
Overview @cloudplatform-single-spa/ml-inference is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization...
Malicious Package
Overview @mlspace/shared-storage is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...
Malicious Package
Overview @cloudplatform-single-spa/container-registry is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...
MAL-2026-5009 Malicious code in @fb-deposit/form-savings-account (npm)
Part of a dependency confusion attack campaign targeting the @car-loans, @fb-deposit, and @debit-ib npm scopes. The attacker npm user pik-libs published 25 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version resolution,...
Malicious code in @cloudplatform-single-spa/ml-ai-agents-agent (npm)
Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...
MAL-2026-4915 Malicious code in @cloudplatform-single-spa/document-db (npm)
Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...
MAL-2026-4880 Malicious code in @car-loans/show-car-year-module (npm)
Part of a dependency confusion attack campaign targeting the @car-loans, @fb-deposit, and @debit-ib npm scopes. The attacker npm user pik-libs published 25 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version resolution,...
MAL-2026-4896 Malicious code in @cloudplatform-single-spa/cloud-dns (npm)
Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...
Malicious code in eth-security-auditor (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e20bc5304d65563ad8b577a38c26db0b04746828b554f88cf5dd1215a214cf1 On import, ethsecurityauditor/init.py unconditionally fetches a JavaScript payload from...
MAL-2026-4665 Malicious code in security-env-loader (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cf2b538ca6f5582ba25c054253f091eacca05571066d7237d6f693f23938e37c Package impersonates the popular dotenv library identical description and repo URL git://github.com/motdotla/dotenv.git and exposes a matching config...
Malicious code in playwright-atoned (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 250795bc04569c6f87e372e4b6bed019148a1c78f4357e8e430c1865acfead07 The package exfiltrates sensitive data like local environmental variables and cloud tokens --- Category: MALICIOUS - The campaign has clearly malicious intent,...
Malicious code in moonbit-metrics-validator (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 e6bb44c25db578131ec69b1c961c22f67cabb0b81aae5fe9d4620194bf8d83cc Campaign includes a chain of dependencies that finally exfiltrate sensitive environment variables to a hardcoded GitHub repository as exfiltration target, and ...
MAL-2026-2946 Malicious code in moonbit-metrics-validator (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 e6bb44c25db578131ec69b1c961c22f67cabb0b81aae5fe9d4620194bf8d83cc Campaign includes a chain of dependencies that finally exfiltrate sensitive environment variables to a hardcoded GitHub repository as exfiltration target, and ...
MAL-2026-2911 Malicious code in terminal-formatter (npm)
terminal-formatter is a malicious npm package that when installed postinstall-hook or imported sends local env variables, files and bash history to https://ghostraper.top and registers a new ssh key in .ssh/authorizedkeys. --- -= Per source details. Do not edit below this line.=- Source:...
MAL-2026-2026 Malicious code in pipinpeace-env (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 b76166abb6c7173f1cc74e41509f4ded1be2de5cea682016e00001e4e23b75a9 Package is designed to exfiltrate env variables during installation. However, it requires providing a URL as an installation parameter, which suggests it's mor...
Malicious code in fwk-amigapython-rest-server (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 9694db9e75e6f3f31137edfba3f3a51ede2881961ee930ea4a4b02e1be086fc8 During import, only in specific environments, a module containing code disguised as telemetry is imported. This code then exfiltrates sensitive environment...
Malicious code in do-not-install-this-package-003 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 3b7a8f2037bd4c28a5474af17179da0c12e37019623f5efa4d081d60758d4ac9 During installation, the package exfiltrates env variables and data from different process memory to a remote location --- Category: MALICIOUS - The campaign h...
MAL-2025-191765 Malicious code in import-license-checker (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 c41ca4c8119fa20f7f5915b34de59f879b77fedf237cbbf5a69e46ddbeded428 Package exfiltrates content of .env files to a remote target --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...