3 matches found
MAL-2026-4896 Malicious code in @cloudplatform-single-spa/cloud-dns (npm)
Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...
Malicious code in @cloudplatform-single-spa/ml-ai-agents-agent (npm)
Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...
MAL-2026-4665 Malicious code in security-env-loader (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cf2b538ca6f5582ba25c054253f091eacca05571066d7237d6f693f23938e37c Package impersonates the popular dotenv library identical description and repo URL git://github.com/motdotla/dotenv.git and exposes a matching config...