Lucene search

510 matches found

OSSF Malicious Packages
added 4 days ago, 7 views

Malicious code in @redhat-cloud-services/rbac-client (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...

AI score: 6
Exploits: 0, References: 2
OSV
added 2026/05/26 9:16 p.m., 4 views

UBUNTU-CVE-2026-44708

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, the mistune math plugin renders inline math $...$ and block math $$...$$ by concatenating the raw user-supplied content directly into the HTML output without any HTML escaping. This occurs even when the parser is...

CVSS: 6.1, AI score: 5.8, EPSS: 0.00031
Exploits: 1, References: 4
OSSF Malicious Packages
added 2026/05/25 8:20 a.m., 9 views

Malicious code in explorhub-ai-agent (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6608fa84304d8e7344518aab88e30f2b2a95aff43b2adbb664126857a14c5b45 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 5.8
Exploits: 0, References: 1
OSV
added 2026/05/25 8:20 a.m., 6 views

MAL-2026-4310 Malicious code in explorhub-ai-agent (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6608fa84304d8e7344518aab88e30f2b2a95aff43b2adbb664126857a14c5b45 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 5.8
Exploits: 0, References: 1
Positive Technologies
added 2026/05/21 12:0 a.m., 6 views

PT-2026-42680

Summary: Deleted API tokens continued to authenticate requests until their cache entry expired, because the auth cache was not invalidated by token value at deletion time. Details: The API token deletion path removed the database row but did not evict the token-value keyed entry from the auth cache...

CVSS: 2.3, AI score: 5.7
Exploits: 0, References: 3
OSSF Malicious Packages
added 2026/05/20 12:0 a.m., 4 views

Malicious code in ethers-multicall-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fe5e969b4ca41dbbd6ef1c04c12d48906ea4477b39493e766045effd4939d748 On npm install, the package's postinstall script spawns node -e to run an inline child_process.execSync that curls a binary from...

AI score: 5.8
Exploits: 0, References: 2
OSV
added 2026/05/20 12:0 a.m., 3 views

MAL-2026-4240 Malicious code in ethers-multicall-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fe5e969b4ca41dbbd6ef1c04c12d48906ea4477b39493e766045effd4939d748 On npm install, the package's postinstall script spawns node -e to run an inline child_process.execSync that curls a binary from...

AI score: 5.8
Exploits: 0, References: 2
OSSF Malicious Packages
added 2026/05/15 11:24 a.m., 7 views

Malicious code in the_secret_of_running_by_hans_van_dijk_ron_van_megen_02jsk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 11aa0239d26b0aae85ed4e3f9bc78838fbdfd47beb4bc9ab701687cb7081513e The package the_secret_of_running_by_hans_van_dijk_ron_van_megen_02jsk was found to contain malicious code. Source: ghsa-malware...

AI score: 5.8
Exploits: 0, References: 1
OSSF Malicious Packages
added 2026/05/12 2:59 a.m., 5 views

Malicious code in @uipath/aops-policy-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e3ffa653b190d1fd6f355664623366bda5832396e46eb577a6da7e729d642ca5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 5.8
Exploits: 0, References: 6
OSV
added 2026/05/12 12:42 a.m., 11 views

MAL-2026-3434 Malicious code in @opensearch-project/opensearch (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1668370f4091d14b4e74ad0e9b25c70ccbc5bf7fb7d97f535212ce2289e71347 The package @opensearch-project/opensearch was found to contain malicious code. Source: ghsa-malware...

AI score: 5.8
Exploits: 0, References: 7
OSV
added 2026/05/12 12:0 a.m., 3 views

MAL-2026-3494 Malicious code in @tanstack/virtual-file-routes (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c95e413c2e182a7d35b0ec3ba9f2a979d63c77c1a7f20a6204059f7b66b433bc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 5.8
Exploits: 0, References: 6
OSSF Malicious Packages
added 2026/04/23 3:56 a.m., 5 views

Malicious code in vime-azl (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a86b8ee643a9ac9cb7529c19293e56a1ccefe33d616c0459e90c364f529a55d2 The package vime-azl was found to contain malicious code. Source: ghsa-malware d7731c972c51221a2f0a582c0f7d25c9054e45942accb77b36d8a170074c8ade Any...

AI score: 5.7
Exploits: 0, References: 1
OSV
added 2026/04/21 1:17 a.m., 3 views

MAL-2026-2961 Malicious code in apple-internal-security-poc-frank (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 10f171ab8af350f288bde3dca0a4c5741b840ed376b0022602322fd7b8b6341f The package apple-internal-security-poc-frank was found to contain malicious code. Source: ghsa-malware...

AI score: 5.7
Exploits: 0, References: 1
Packet Storm News
added 2026/04/21 12:0 a.m., 5 views

An AI Agent Execution Environment to Safeguard User Data

AI agents promise to serve as general-purpose personal assistants for their users, which requires them to have access to private user data, e.g., personal and financial information. This poses a serious risk to security and privacy. Adversaries may attack the AI model, e.g., via prompt injection to...

AI score: 5.9
Exploits: 0
OSSF Malicious Packages
added 2026/04/20 6:15 a.m., 3 views

Malicious code in mailcraftjs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 27f66d32585597a7eeaa611a0c5f0fd20ee5a035d98d00ace5c0a333ae36b5be The package mailcraftjs was found to contain malicious code. Source: ghsa-malware bc9eb14094700cd30fbd04c4f4b7e75c8971e1ceb5442320dba55befe0fdccb7 An...

AI score: 5.7
Exploits: 0, References: 1
OSV
added 2026/04/17 2:11 p.m., 0 views

MAL-2026-2848 Malicious code in @than-xs/libsignal-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c613873d188e4ec1b5e30520478eb5e162c8f2b10cad3dd50e0973d9ca925034 The package @than-xs/libsignal-node was found to contain malicious code. Source: ghsa-malware...

AI score: 5.7
Exploits: 0, References: 1
Wired Threat Level
added 2026/04/14 6:56 p.m., 4 views

Telegram Is Still Hosting a Sanctioned $21 Billion Crypto Scammer Black Market

The UK designated Xinbi Guarantee as an enabler of crypto scammers and human trafficking weeks ago. Telegram is still hosting it in plain sight...

AI score: 5.8
Exploits: 0
OSSF Malicious Packages
added 2026/04/13 3:25 p.m., 2 views

Malicious code in mdb-react-sortable (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 221ae0ca7ee784d6ab2d9bb463b65dc3d998114b51b3dd7a4f3585ef2b1ed11a The package mdb-react-sortable was found to contain malicious code. Source: ghsa-malware...

AI score: 5.7
Exploits: 0, References: 1
Wired Threat Level
added 2026/03/26 3:15 p.m., 3 views

A $20 Billion Crypto Scam Market Faces a New Government Crackdown

The Telegram-based Xinbi Guarantee black market sells services that help prop up scam operations. British officials just hit the highly lucrative marketplace with sweeping sanctions...

AI score: 5.8
Exploits: 0
OSV
added 2026/03/26 12:31 a.m., 0 views

MAL-2026-2217 Malicious code in @rexorg/config (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4a10d1a86c535852318ad135eca1236f436ad942657df6107d1e1e8a117faf42 The package @rexorg/config was found to contain malicious code. Source: ghsa-malware d3c7f7c6129d24b5a4ee9f95be492524854c16742b8b538f33972fea399c64f5...

AI score: 5.8
Exploits: 0, References: 1