Malicious code in scan-only (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9a7779ff21d9783e1026e13a7abf65e448c5f3d3d111f3cae539f3690e53a2b4 The CLI binary at bin/scan-only.js, when invoked e.g., via npx scan-only --diagnose, harvests installer-side secrets and ships them to a hardcoded...

EUVD-2026-36795

Metacat is data repository software that helps researchers preserve, share, and discover data. Versions 2.0.0 and and above contain an unauthenticated SQL injection in the /harvesterRegistration endpoint. HarvesterRegistration.dbInsert builds an INSERT against HARVESTSITESCHEDULE via string...

Malicious code in bodega-sdk (npm)

flow/surf-lending DeFi cred-exfil campaign sibling c1655. preinstall node index.js || true exfils env secrets to raw C2 2.25.140.71:8443/surflending/npm-confusion verified identical. No-renotify. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...

MAL-2026-5783 Malicious code in vault-strategies (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6b7037d9efc65a0885cc000a92c46ea9bed2097d02c8fb2883ceaa3eb2fd5eeb On npm install, the package's preinstall hook preinstall: node postinstall.js || true executes postinstall.js, which enumerates process.env and filte...

Malicious code in goreleaser-run (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f2733e0c086915d44eb8c971575087d9260bf1133d62da63920b578cf7e60c30 Package impersonates the legitimate goreleaser tool name goreleaser-run, homepage spoofed to https://goreleaser.org; goreleaser is not officially...

MAL-2026-5614 Malicious code in janus-erc20 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 728f3d5af5a999be016a49283fff2c5cedc0c5df445d2f078f1f9817dde22334 On npm install, postinstall.js harvests installer secrets and POSTs them to 193.203.169.109:8443/c/janus-erc20 over HTTPS with TLS verification...

MAL-2026-5606 Malicious code in chai-dec (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5fbe1098e3267cf9e98fe2591e27b58f87fb44ca8c5475a5fde64fed8c2dd1c3 chai-dec impersonates the chai/pino ecosystem package name rides on chai; package.json keywords and exports — module.exports.pino = middleware —...

Malicious code in @koadz/sso (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d284d5d0421ad906d63959ed4e0f3354106166311f4066ff794669f52d1eacfb package.json declares a postinstall hook that runs dist/index.js. The compiled bundle contains an appended payload absent from the index.ts source...

MAL-2026-5556 Malicious code in janus-flow (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2d33c10c068a69d14d0333b93de7745caffd62013c57de6c55f20a6b53ffdcb1 On npm install, the package's postinstall hook node postinstall.js 2/dev/null || true silently runs a credential harvester against the installer...

MAL-2026-5357 Malicious code in farming-tools-12 (npm)

Crypto/SSH/wallet stealer, blockchain-helper-0 campaign sibling c960+, same aicrypto-xzggg publisher and "Core utilities for blockchain development" description as swap-sdk-87/defi-tools-39. postinstall auto-execs, src/index.js harvests /.ssh keys + Sol/Eth/BTC/Tron/Sui/Aptos wallets + .env +...

MAL-2026-5359 Malicious code in swap-sdk-87 (npm)

Crypto/SSH/wallet stealer, blockchain-helper-0 campaign sibling c960+. postinstall auto-execs, src/index.js harvests /.ssh keys + Sol/Eth/BTC/Tron/Sui/Aptos wallets + .env + seeds, self-labels "CRYPTO STEALER", exfils to SAME Telegram bot 8227918239 chat 6433587894 not rotated. Inflated version...

Malicious code in wallet-sdk-9 (npm)

Crypto/SSH/wallet stealer, blockchain-helper-0 campaign sibling c960+. postinstall auto-execs, src/index.js harvests /.ssh/idrsa+ided25519+Sol/Eth/BTC/Tron/Sui/Aptos wallets+.env+seeds, self-labels "CRYPTO STEALER", exfils to SAME Telegram bot 8227918239 chat 6433587894 not rotated. Campaign now...

MAL-2026-5356 Malicious code in ethereum-kit-9 (npm)

Crypto/SSH/wallet stealer, blockchain-helper-0 campaign sibling c960+. postinstall auto-execs, src/index.js harvests /.ssh/idrsa+ided25519+Sol/Eth/BTC/Tron/Sui/Aptos wallets+.env+seeds, self-labels "CRYPTO STEALER", exfils to SAME Telegram bot 8227918239 chat 6433587894 not rotated. Campaign now...

Malicious code in crypto-utils-7 (npm)

Crypto/SSH/wallet stealer, blockchain-helper-0/web3-tools-9 campaign sibling c960/c961. postinstall scripts/postinstall.js auto-execs, src/index.js harvests /.ssh/idrsa+wallet keys/seeds+env, self-labels "CRYPTO STEALER", exfils to IDENTICAL Telegram bot 8227918239 chat 6433587894 not rotated...

MAL-2026-5358 Malicious code in solana-core-4 (npm)

Crypto/SSH/wallet stealer, blockchain-helper-0/web3-tools-9 campaign sibling c960/c961. postinstall scripts/postinstall.js auto-execs, src/index.js harvests /.ssh/idrsa+wallet keys/seeds+env, self-labels "CRYPTO STEALER", exfils to IDENTICAL Telegram bot 8227918239 chat 6433587894 not rotated...

The Clock Is Already Ticking: Why Post-Quantum Cryptography Can’t Wait

There is a question I have been hearing more and more from CISOs, compliance officers, and security architects over the past year. It does not start with "we had a breach" or "we failed an audit." It starts with something that sounds almost philosophical: " Are we quantum-safe?" A year ago, that...

Acer M6E 安全漏洞

The Acer M6E is a portable 5G mobile hotspot device produced by Acer of Taiwan, China. The Acer M6E has a security vulnerability, which stems from the IDOR vulnerability in the summary service endpoint. This vulnerability fails to verify the user’s ownership of the hardware serial number,...

Malicious Package

Overview opensearch-setup is a malicious package. This package contains malicious code, and its content has been removed from the official package manager. While this package typosquats well-known libraries to impersonate valid open-source ecosystems, there is no connection between those legitima...

Malicious Package

Overview Sicoob-Cooperativa.Sicoob.Investimentos is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organizatio...

Malicious Package

Overview sicoob.sdk is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package. To maximi...