248 matches found
Malicious code in @antv/g-plugin-rough-svg-renderer (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in @antv/g-webgl (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in @antv/f2-wordcloud (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
MAL-2026-4036 Malicious code in @antv/l7-core (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in mistralai (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 5e1924464368f0c5816ee84e000cc47017f44045140feafbbc9e685d847ed5a5 This package was compromised as part of the "Mini Shai-Hulud is back" worm by the TeamPCP threat actor. The package will steal credentials...
Malicious code in @tallyui/core (npm)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 5e1924464368f0c5816ee84e000cc47017f44045140feafbbc9e685d847ed5a5 This package was compromised as part of the "Mini Shai-Hulud is back" worm by the TeamPCP threat actor. The package will steal credentials...
Malicious code in @uipath/solutionpackager-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 64274b915ff6e2c5965c334cc5b2a7dca56efe8c3021c83e45d0269a9391345f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3566 Malicious code in @uipath/platform-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 89f494a30a8fe1637198b531a2c267ebb3aedf5d0c537afc1f12ea2186ef1d1f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3556 Malicious code in @uipath/orchestrator-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d967b0f36daf789de288eb36c97c6ab5c9de25bad34a8d4866954e495d7303dd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in safe-action (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dd0e257c2958e16d803f002f996ebb83aae4ecc32bf71320bf985b936996e634 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @uipath/codedagent-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware eaec2ac4b4efbc449a39049c2d3793dd5f3c4fc4737957ba4e70f35fb6c13903 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Researchers Spot Modified Shai-Hulud Worm Testing Payload on npm Registry
Cybersecurity researchers have disclosed details of what appears to be a new strain of Shai Hulud on the npm registry with slight modifications from the previous wave observed last month. The npm package that embeds the novel Shai Hulud strain is "@vietmoney/react-big-calendar," which was uploade...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Shai-hulud supply chain attacks. The malware functions as a self-replicating worm that spreads via npm dependencies to compromise developer environments;...
Malicious code in @lokeswari-satyanarayanan/rn-zustand-expo-template (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 73fe3bd99e2f11ab8bb09a9086c4dca8af56372031492ed11d90f1e32a0e8f53 The package @lokeswari-satyanarayanan/rn-zustand-expo-template was found to contain malicious code. Source: google-open-source-security...
Malicious code in @oku-ui/toolbar (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 03a495471a804035cd3e91e35335246931ccea65636ad279226ab2a39b0f1283 The package @oku-ui/toolbar was found to contain malicious code. Source: google-open-source-security...
Malicious code in pkg-readme (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bfc479ddf04c9b4dccdd1b190ab6a553b8b70b35dd010db9a2f6facee0990c78 The package pkg-readme was found to contain malicious code. Source: ghsa-malware 1367f46db577db5123a8d208e0f5d172747a39e623e7c33db0a7e240d28f9d2a Any...
Malicious code in @dev-blinq/ui-systems (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9ce530512b608913637db50ce0058d08d5afb8173c8b5968023c9b9665bcde49 The package @dev-blinq/ui-systems was found to contain malicious code. Source: ghsa-malware...
Malicious code in @oku-ui/portal (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d0711033d654f75b42d8959721555bcf5aa5fb766ccc12b6e89c56eef0d8cafd The package @oku-ui/portal was found to contain malicious code. Source: google-open-source-security...
Malicious code in @voiceflow/verror (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 81b5a50b0295fd87094117e38841e99bba0c11d47626ee9ced19ea9e7547d08e The package @voiceflow/verror was found to contain malicious code. Source: ghsa-malware...
Malicious code in @voiceflow/runtime (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6a8c6b88ad67d8ceece37df9641f6712f7047aa566957d0937eb3ca99aed10dd The package @voiceflow/runtime was found to contain malicious code. Source: ghsa-malware...