MAL-2026-5783 Malicious code in vault-strategies (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6b7037d9efc65a0885cc000a92c46ea9bed2097d02c8fb2883ceaa3eb2fd5eeb On npm install, the package's preinstall hook preinstall: node postinstall.js || true executes postinstall.js, which enumerates process.env and filte...

MAL-2026-5741 Malicious code in @achuthvp/postinstall-poc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c3dc0d7b5fc216ae117dda9c492a6bbdff46e49ab53f069c2d525dab001bcdb9 package.json declares scripts.postinstall = node postinstall.js. On every npm install, postinstall.js runs execSync'id' and POSTs a JSON body...

Malicious code in @t-in-one/form_product_token (npm)

Wave 2 of a dependency confusion attack campaign C2: oob.moika.tech targeting internal npm scopes. The attacker npm user t-in-one, email [email protected] published packages at inflated versions that resolve ahead of private registry versions via npm's default version resolution. The campaign...

Malicious code in @cloudplatform-single-spa/bare-metal-servers (npm)

Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...

Malicious code in @webapp-next/store (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cbad3803cdda40845fe2aa64e0963b9293f9ee523b3f9205a354da2ae1e317bf package.json declares "preinstall": "node index.js", which runs automatically on npm install. index.js collects os.hostname, os.platform, os.arch,...

The Infinite Mutation Engine? Measuring Polymorphism in LLM-Generated Offensive Code

Malware authors have traditionally relied on polymorphic techniques to produce variants in the same malware family, complicating signature-based detection. Integrating generative AI into offensive toolchains enables attackers to synthesize structurally diverse payloads with identical behavior,...

RUSTSEC-2023-0114 `tiny-server` was removed from crates.io for malicious code

This crate was part of a typosquatting malware cluster published by the malicious user http-tiny and contained a malware payload in build.rs to exfiltrate host information to the attacker. This advisory is to retrospectively document this attempted attack. The version information and download...

Malicious code in pyioler (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx b5a0ae31e85484643163bd7b0da8800b531141a1e5d14a97f534b2bfdbefb531 Malicious packages campaign targeting developers, payload is hidden using Steganography, exfiltrate host information...