
12 matches found

The Hacker News
added 2025/11/13 4:58 a.m., 8 views

Over 67,000 Fake npm Packages Flood Registry in Worm-Like Spam Attack

Cybersecurity researchers are calling attention to a large-scale spam campaign that has flooded the npm registry with thousands of fake packages since early 2024 as part of a likely financially motivated effort. "The packages were systematically published over an extended period, flooding the npm...

AI score: 7
Exploits: 0
OSSF Malicious Packages
added 2025/11/12 7:18 p.m., 2 views

Malicious code in nuyar-adaraa-bya (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 914a26da737b1757a35243640927b5a74554f25a8864f9b61cc2aff6eb3fa75f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score: 6.9
Exploits: 0
OSV
added 2025/11/12 4:29 a.m., 1 view

MAL-2025-149356 Malicious code in webdriver-mocha-mini-css-extract-plugin-acamar-magellan (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 53af958770f4ad50cb7b1fa86e408b7c65cf53d5d6044488bb5a3d18fcca5da5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score: 6.8
Exploits: 0
OSV
added 2025/11/12 4:29 a.m., 1 view

MAL-2025-146289 Malicious code in playwright-yonder-module-nodemon (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7b8a88d8d6c9de0dc9811395ffc27c01a2b4ffde660a8f412ebbeaa8db6930e8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score: 6.8
Exploits: 0
OSV
added 2025/11/12 4:29 a.m., 1 view

MAL-2025-145999 Malicious code in pavo-hugo-winston-iota (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9bfdf061a2794f8911e73a0f36fd0d80603c5fed1800c355ddc0f4ef97e5a82c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score: 6.8
Exploits: 0
OSSF Malicious Packages
added 2025/11/11 3:19 p.m., 2 views

Malicious code in riana-toge95-miaww (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9ccdafe5d032e44aec717e135e03111720aa8533f436f1aca8776dbee7172a85 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score: 6.9
Exploits: 0
OSSF Malicious Packages
added 2025/11/11 4:25 a.m., 2 views

Malicious code in candra-ruwet67-miaww (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8d5c4cf84183d897424d68a46734079a127e159540ead70ccae2bb1c9acfb183 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score: 6.9
Exploits: 0
OSSF Malicious Packages
added 2025/11/11 12:17 a.m., 2 views

Malicious code in fajar-kembang80-sluey (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 11c6c509a03b25c03d42f20813ef37b5f51d35e834d6f4f9e53f17179b83d82b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score: 6.9
Exploits: 0
HackRead
added 2024/08/30 11:29 a.m., 11 views

Year-Long Malware Campaign Exploits NPM to Attack Roblox Developers

A year-long malware campaign targets Roblox developers using fake NPM packages mimicking "noblox.js" to steal data. Despite takedowns,...

AI score: 7.3
Exploits: 0
SUSE CVE
added 2023/02/15 3:49 a.m., 3 views

SUSE CVE-2021-3421

A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity. This...

CVSS: 5.3, AI score: 6.5, EPSS: 0.00701
Exploits: 0, References: 50
OSV
added 2022/12/27 3:25 p.m., 16 views

GHSA-G86J-HWG9-77Q5 SentinelOne impersonated via PyPI packages

In December 2022, threat actors impersonated SentinelOne by uploading fake software development kits (SDKs) onto PyPI. The SDKs contain fully functional SentinelOne clients, but the packages also contained malicious backdoors that are only executed when called on programmatically, as opposed to...

AI score: 7.1
Exploits: 0, References: 2
RedHat Linux
added 2021/06/29 4:45 p.m., 3 views

rpm: unsigned signature header leads to string injection into an rpm database

A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity...

CVSS: 5.5, AI score: 7.3, EPSS: 0.00701
Exploits: 0, References: 4