Malicious code in via-city-tools-m-particle (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bc5c4f690e0399edc4408e7729291803db7916ed764bcfe16988f4cdccd5cfc1 The package exports an empty object module.exports = and has no functionality of its own. Its only substantive effect is to declare a dependency on...

MAL-2026-1525 Malicious code in peer-deps-external (npm)

The package 'peer-deps-external' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

Malicious Package

Overview transform-dynamic-import is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it. Malicious Behavior...

Malicious Package

Overview minify-mangle-names is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it. Malicious Behavior The...

Malicious Package

Overview no-type-assertion is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it. Malicious Behavior The...

Malicious Package

Overview peer-deps-external is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it. Malicious Behavior The...

Malicious Package

Overview better-styled-components is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it. Malicious Behavior...

Malicious Package

Overview urql-introspection is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it. Malicious Behavior The...

SUSE CVE-2026-26995

Further research determined the issue is an external dependency vulnerability...

CVE-2026-26995

Further research determined the issue is an external dependency vulnerability...

Malicious code in com.google.external-dependency-manager (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware de588a7a3cf800b45db94d69956c418bb8f7aa386ca30a915217ca0c3f8bf900 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Ettercap - A Comprehensive Suite For Man In The Middle Attacks

Ettercap is a comprehensive suite for man in the middle attacks. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols and includes many features for network and host analysis. ETTERCAP...