Lucene search
K

5 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/13 9:10 p.m.14 views

Malicious code in mailconfirmer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dfb184ffa15fd011b84658a6b5cd68582e78827258a8373f0da1ef34248bfb09 The package advertises itself as an email-confirmation utility, but index.js contains only no-op stubs that console.log demo messages. The real...

5.6AI score
Exploits0References29
OSV
OSV
added 2026/06/09 3:16 p.m.9 views

MAL-2026-5342 Malicious code in kecak256 (npm)

kecak256 is a typosquat of the popular keccak256 package one c dropped that ships a credential-stealing payload executed automatically on install. The package spoofs the legitimate keccak256 project — author "Miguel Mota", matching description, README, and keywords — and includes a benign decoy...

5.5AI score
Exploits0References2
OSV
OSV
added 2025/12/19 8:23 a.m.3 views

MAL-2025-192659 Malicious code in hidden-powershell-runner-ax7 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 5785c01837ec1727b89125cf1a3fec3ad941c4ff0b1246d8d16fec1dff53223a Importing the module downloads and starts remote executable identified as malware --- Category: MALICIOUS - The campaign has clearly malicious intent, like...

7AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/12/19 8:23 a.m.10 views

Malicious code in hidden-powershell-runner-ax7 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 5785c01837ec1727b89125cf1a3fec3ad941c4ff0b1246d8d16fec1dff53223a Importing the module downloads and starts remote executable identified as malware --- Category: MALICIOUS - The campaign has clearly malicious intent, like...

7.1AI score
Exploits0References2
EUVD
EUVD
added 2025/12/19 8:23 a.m.3 views

EUVD-2025-204526

Malicious code in hidden-powershell-runner-ax7 PyPI...

6.6AI score
Exploits0References2
Rows per page
Query Builder