13 matches found

OSV
added 2026/05/21 5:44 a.m., 10 views

MAL-2026-4489 Malicious code in auth0-templates-scripts (npm)

Source: amazon-inspector (1bc0f40b778be080e2a14dd0097ab772565cc570f5fd471f10e883f259be2db6). Package name 'auth0-templates-scripts' impersonates the Auth0 Okta brand without affiliation. The author field is the placeholder 'OpenSource...

5.9 AI score
Exploits: 0, References: 2

OSSF Malicious Packages
added 2026/05/20 4:16 a.m., 14 views

Malicious code in axiosqqq (npm)

Source: amazon-inspector (a9cf5bc7a896b21f9af923c60b9283758bf46d4fb279f752a42bae43bb6006aa). Package name axiosqqq is a 3-character-suffix typosquat of axios and ships axios's verbatim source, README, and CHANGELOG to impersonate the legitima...

6 AI score
Exploits: 0, References: 1

OSV
added 2026/05/20 4:16 a.m., 3 views

MAL-2026-4493 Malicious code in axiosqqq (npm)

Source: amazon-inspector (a9cf5bc7a896b21f9af923c60b9283758bf46d4fb279f752a42bae43bb6006aa). Package name axiosqqq is a 3-character-suffix typosquat of axios and ships axios's verbatim source, README, and CHANGELOG to impersonate the legitima...

6 AI score
Exploits: 0, References: 1

OSV
added 2026/05/19 7:25 p.m., 5 views

MAL-2026-4701 Malicious code in venturo-playwright-runner (npm)

Source: amazon-inspector (2e63f5fe21c0fe70b9b120a217b3d1b14e765c47de231eb03d0d763c471fbd4e). The package republishes Microsoft's @playwright/test under the unrelated name venturo-playwright-runner and falsifies its identity to claim Microsoft...

5.8 AI score
Exploits: 0, References: 4

OSSF Malicious Packages
added 2026/05/19 7:25 p.m., 7 views

Malicious code in venturo-playwright-runner (npm)

Source: amazon-inspector (2e63f5fe21c0fe70b9b120a217b3d1b14e765c47de231eb03d0d763c471fbd4e). The package republishes Microsoft's @playwright/test under the unrelated name venturo-playwright-runner and falsifies its identity to claim Microsoft...

5.8 AI score
Exploits: 0, References: 4

OSSF Malicious Packages
added 2026/04/16 5:48 p.m., 3 views

Malicious code in genosys (PyPI)

Source: kam193 (2fb27cde30ea3d834e3160e37c203a1f8a271435cf92316a990766c5b8b9791c). The campaign is built from a benign-like package e.g. genosys and the malicious dependency e.g. pynosist. The dependency uses a PTH file to trigger malicious...

5.9 AI score
Exploits: 0, References: 6

Malwarebytes
added 2026/03/31 2:53 p.m., 3 views

Axios supply chain attack chops away at npm trust

Researchers found that compromised Axios versions installed a Remote Access Trojan. Axios is a promise-based HTTP Client for node.js, basically a helper tool that developers use behind the scenes to let apps talk to the internet. For example, Axios makes requests such as “get my messages from the...

5.9 AI score
Exploits: 0

Snyk
added 2026/03/31 6:1 a.m., 0 views

Embedded Malicious Code

Overview: Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a cross-platform remote access trojan by injecting a hidden dependency named plain-crypto-js. RAT Behavior: The injected plain-crypto-js dependency automatically executes an obfuscated postinstall...

9.8 CVSS, 5.9 AI score
Exploits: 0, References: 2

Snyk
added 2026/03/31 6:1 a.m., 1 view

Embedded Malicious Code

Overview: Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a cross-platform remote access trojan by injecting a hidden dependency named plain-crypto-js. RAT Behavior: The injected plain-crypto-js dependency automatically executes an obfuscated postinstall...

9.8 CVSS, 5.9 AI score
Exploits: 0, References: 2

Snyk
added 2026/03/31 3:15 a.m., 5 views

Embedded Malicious Code

Overview: axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a cross-platform remote access trojan (RAT) and whose content was removed from the official package manager. A malicious actor...

9.8 CVSS, 6 AI score
Exploits: 0, References: 2

OSSF Malicious Packages
added 2026/02/19 11:56 p.m., 3 views

Malicious code in ethrpc (PyPI)

Source: kam193 (b1eff108aebd0c94cd1b2c9dd2321060f61236e0dbf655c62f729169dcd5d5b3). The malicious code is in the ethrpc-keys package, which is a clone of legitimate eth-keys, but contains a modification that silently exfiltrates the user's...

5.6 AI score
Exploits: 0, References: 1

OSV
added 2026/02/19 11:44 p.m., 2 views

MAL-2026-948 Malicious code in ethrpc-accounts (PyPI)

Source: kam193 (6372ce82342ae30022a83501fc348d1c63ec3cb27b19dba0678430efdfeeb077). This package is a clone of legitimate eth-accounts. The malicious code is hidden in the dependency, ethrpc-keys, which exfiltrates private keys. --- Category:...

5.7 AI score
Exploits: 0, References: 1

OSSF Malicious Packages
added 2025/02/13 1:18 p.m., 3 views

Malicious code in multis (PyPI)

Source: kam193 (d8dd7fcb7e4ce42262ad3ce89ed580a46e9a2f979c4e2c9db668fb374ae452b8). Infostealer with multiple possibilities, but not auto-activating on installation. There are already multiple attempts to publish it, with different...

7.2 AI score
Exploits: 0, References: 1