MAL-2026-1568 Malicious code in transform-inline-consecutive-adds (npm)

The package 'transform-inline-consecutive-adds' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

Malicious code in pear-wrk-wdk (npm)

The package 'pear-wrk-wdk' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server npm.jpartifacts.com...

Malicious code in @nazi-team/baileys (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fe057f6743744866cb43bc64a47f0b4e814f4de1d503ea59e8b3db6b3880ad00 The package @nazi-team/baileys was found to contain malicious code. Source: ghsa-malware...

Malicious code in redirect-sormfb (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5077214a1a7b6d8085d3e85f9e33151aa5ec8c2525c22648b00fa637e46bde67 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in dojo.data.itemfilereadstore (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5248266d6f2bd26fd740923ccbb40e78dcc1ed93f59dfbaf27e9b51c212f6a67 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in cs-count (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6961148d61a9a3b12afb0f91d6d4647b2c986b36b0521d40567c9c5aa5860ead Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in quickstart-calls-chat-integration (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 66bc97e10c5b859cfaa1494796b4d2bb1741fa0062acbc4521af9369722b0c05 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @diotoborg/aspernatur-in (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2db9352ce5aeccd44ca3b1ffcae6aca686f8859bb9797ca54c770a8fa6700815 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @diotoborg/quia-harum (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 36e96c5096009919782abeb8222b712a4cd7bc67592838577c9bdfb7fc4abd83 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @zitterorg/dignissimos-doloremque-magnam (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d87ebb1893495b74b563f0f42621c15a051580f9d0ddf7132cafbb8adaf49ee2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in wlwz-2312-7902 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cc4c555cd9b6629dc3e1ef3e7b51a4ec04a28cc7bfe43abf7864a9c38acbd604 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in security-ebay (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8f34f022f6da3bc1dc777a1311e7aaddde9d442e08bc13025aac5639f6695280 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in reacta-ollo (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 825fd3f747fc9038be3ca4b98812ee56a1a54a97edcc9eb91bbdbab57cdf3c96 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in karmachromelauncer (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0b24c9e6b5230521b612776e0a75cb98e60bf7d856a2d9d5c89b779d4f894c49 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in 0supportscolor (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8c430a61fb64569c2e4ee9d61d852f0189d613b8a916487edce0ba29c2ac69e9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in thesis-form (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8878bca276c410b3043886cc4e1292d4991c909a98078d879690ac7c2671a1ab Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in tech-doc-hugo (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8dee66703b31e37413a9adb8a1182b0bad51b5cfb28fb03747f5dc30068e9196 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in bfx-stuff-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 664981f09a41326d6bdaec693a2d3f7846f69a5569859384bdbf9a56dcdc203c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @azure-tests/perf-storage-file-share-track-1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a77a70aec760d01762f6eea825194c2d558174a44b966b59043ce3f9424626f0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in alphavantage-adapter (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9a52cf3eeac571578098a28579582b63109d138c2459095052076787de9db956 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...