MAL-2025-191106 Malicious code in ids-css (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 050d0a8d9340c416d7410787a1a7b2c5e6cec36eb17bacecca14a2cfbcbf76c5 The package ids-css was found to contain malicious code. Source: ghsa-malware 03812dbf5f0120164f355aae423e3fad2e899eb9164b4468f7fd91844d33b35e Any...

Malicious code in ids-css (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 050d0a8d9340c416d7410787a1a7b2c5e6cec36eb17bacecca14a2cfbcbf76c5 The package ids-css was found to contain malicious code. Source: ghsa-malware 03812dbf5f0120164f355aae423e3fad2e899eb9164b4468f7fd91844d33b35e Any...

@ids-sandbox/npm-test (>=0.0.1 <=0.0.6), ids-enterprise (>=4.67.0 <=4.68.6) +1 more potentially affected by unknown CVE via ids-css (=1.5.0)

ids-css NPM version =1.5.0 is affected by a known vulnerability. The following packages have a transitive dependency on ids-css and may be impacted: - @ids-sandbox/npm-test =0.0.1, =4.67.0, =14.3.1, =17.2.1-dev.20240108 Source cves: unknown CVE Source advisory: OSV:MAL-2025-191106...

EUVD-2025-199146

Malicious code in ids-css npm...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...