MAL-2025-99497 Malicious code in anxious_starfish_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 38fe21b67f9ef542a192992b1d01d67ca63516dd5fb1cb7ccbaa26943e17a1dc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-95112 Malicious code in invisible_crawdad_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector db3f0548f9cb52ab973b5b4de60e7fbf393932b6769d190e8b373d90ff1b5bf7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in poised_tarsier_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f0352d31c0ef60cd4108a1773f927ff1ba45f8138cf926bf5a1b5b7202a1dc4d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in fake-package-name (npm)

--- -= Per source details. Do not edit below this line.=-...

MAL-2025-47671 Malicious code in fake-package-name (npm)

--- -= Per source details. Do not edit below this line.=-...

MAL-2024-7425 Malicious code in fake-package-apache-with-copyleft-dep (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis dccffa1d5f84a8476d98fd5eed5c0401aba753ef0916b506d1b8f9687029351d The OpenSSF Package Analysis project identified 'fake-package-apache-with-copyleft-dep' @ 4.0.0 npm as malicious. It is considered malicious...

Attackers Flood NPM Repository with Over 15,000 Spam Packages Containing Phishing Links

In what's a continuing assault on the open source ecosystem, over 15,000 spam packages have flooded the npm repository in an attempt to distribute phishing links. "The packages were created using automated processes, with project descriptions and auto-generated names that closely resembled one...

Malicious code in usaa-fake-package-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 347ce4ca58848dcb7f6140438ee334f7f29f839f620db2334b9ebb1e3dc5514a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-6841 Malicious code in usaa-fake-package-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 347ce4ca58848dcb7f6140438ee334f7f29f839f620db2334b9ebb1e3dc5514a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious Typo-Squatting

ffmepg is a malicious typo-squatting package. The package uses a similar name to the original library so that developers may mistake it for the real one but have malicious actions under the hood such as stealing environment variables...

Threat Outbreak Alert: Fake Package Shipping Information Email Messages on April 10, 2014

Medium Alert ID: 33739 First Published: 2014 April 10 13:31 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain shipping information for the recipient. The text in the email message attempts to convince the recipient to open...

Threat Outbreak Alert: Fake Package Delivery Failure Notification Email Messages on April 4, 2014

Medium Alert ID: 33657 First Published: 2014 April 4 19:39 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain a package delivery failure notification for the recipient. The text in the email message attempts to convince the...

Threat Outbreak Alert: Fake Package Shipping Information Email Messages on January 27, 2014

Medium Alert ID: 32576 First Published: 2014 January 27 13:56 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain shipping details for the recipient. The text in the email message attempts to convince the recipient to open t...

Threat Outbreak Alert: Fake Package Delivery Failure Notification Email Messages on December 9, 2013

Medium Alert ID: 32095 First Published: 2013 December 9 20:07 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain a package delivery failure notification for the recipient. The text in the email message attempts to convince...

Threat Outbreak Alert: Fake Package Detainment Notification Email Messages on December 2, 2013

Medium Alert ID: 31960 First Published: 2013 December 3 00:36 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain a package detainment notification from UK Customs and Border Protection for the recipient. The text in the ema...

Threat Outbreak Alert: Fake Package Tracking Information Email Messages on January 10, 2014

Medium Alert ID: 31958 First Published: 2013 December 3 00:33 GMT Last Updated: 2014 January 13 14:08 GMT Version: 10 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain a shipping notification from FedEx for the recipient. The text in the...

Threat Outbreak Alert: Fake Package Tracking Notification Email Messages on November 25, 2013

Medium Alert ID: 31902 First Published: 2013 November 26 20:45 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain a package tracking notification for the recipient. The text in the email message attempts to convince the...

Threat Outbreak Alert: Fake Package Delivery Information Email Messages on November 7, 2013

Medium Alert ID: 31684 First Published: 2013 November 8 17:53 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain package delivery information for the recipient. The text in the email message attempts to convince the recipie...

Threat Outbreak Alert: Fake Package Delivery Notice Email Messages on October 18, 2013

Medium Alert ID: 31331 First Published: 2013 October 17 17:57 GMT Last Updated: 2013 October 18 13:24 GMT Version: 2 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain a package delivery failure notification for the recipient. The text in...

Threat Outbreak Alert: Fake Package Shipping Notification Email Messages on October 7, 2013

Medium Alert ID: 31164 First Published: 2013 October 8 12:35 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain a package shipment notification for the recipient. The text in the email message attempts to convince the...