Malicious code in getd-content-management (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 44eb41541c340c710ad8afc366ab4642d3809d8d9afef53b99e3704b9dfb684b The unscoped package name 'getd-content-management' impersonates the legitimate @getd/ npm scope acknowledged in the package's own README. On npm...

Malicious code in @rockawayx/utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e286c45b54ab9002ef8b7eec7ec686afc0bb82c2867c3640c460c8d1052b2bab @rockawayx/utils squats the unclaimed @rockawayx npm scope and runs a preinstall beacon on every install. package.json declares "preinstall": "node...

Malicious code in @cloudplatform-single-spa/svp-vdi (npm)

Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...

MAL-2026-4967 Malicious code in @cloudplatform-single-spa/security-groups (npm)

Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...

MAL-2026-4899 Malicious code in @cloudplatform-single-spa/container-registry (npm)

Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...

MAL-2026-4629 Malicious code in openmct-couch-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ce8eff366d17efa64bf8605941d009d01cf7a24aaf011af30faec449fc4a2e28 On npm install, the package's preinstall script runs node index.js and then curls the output of hostname && whoami to...

Malicious code in obs-migrate (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ecb04d891693e925c9055e0b5c5844ebb6cf8c210000e9905bf892ab7d0674d7 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

MAL-2026-4662 Malicious code in rendezvous-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5b4a03eaa6b09e5b9e291dd450f58e49a639c3efd8fa952f5ac48f9aea04aba4 On npm install scripts.install runs node index.js and on require'rendezvous-js', lib/core.js collects os.userInfo.username, os.hostname, and the...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: fsnotify: Do not generate ACCESS/MODIFY events for special files in child processes. inotify/fanotify does not allow users who have no read access to a file to subscribe to events e.g., INACCESS/INMODIFY. However, it allows th...

MAL-2026-3701 Malicious code in api-request-helpers (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c8e8b70ac4deca30691d583ac6891034222b7458bf5ba9e7b86cf5e6627d8abb During installation, package exfiltrates some basic info to a GitHub issue comment, and then attempt to set up a persistent infostealer focused on exfiltrating...

Malicious code in solana-wallet-utils (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 0fafa4851b72650b6cb905d88ab0e9ac73276e188d44bf1ff2cb010eb6945c59 Code pretends to be a crypto utility but exfiltrates given private key / seed --- Category: MALICIOUS - The campaign has clearly malicious intent, like...

MAL-2026-3366 Malicious code in runtime-vitals (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f5e056ef78ad47697156c0dce0819370ffc74bb450e226bfb2bf934651b5836b Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

MAL-2026-3175 Malicious code in bbranger (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 9cb5c90bcde5bf7b63607d4bf5e7be1ccb7b5c9eb2eb92e32dab102be5df3687 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

MAL-2026-3095 Malicious code in bytedpymysql (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 95b665975b64f2f75bd01fbff31dbebfbc78c7352ccc67f3ddb64fc955e81d63 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

CVE-2026-41060 AVideo's SSRF via same-domain hostname with alternate port bypasses isSSRFSafeURL

WWBN AVideo is an open source video platform. In versions 29.0 and below, the isSSRFSafeURL function in objects/functions.php contains a same-domain shortcircuit lines 4290-4296 that allows any URL whose hostname matches webSiteRootURL to bypass all SSRF protections. Because the check compares on...

Malicious code in neverinstallme (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b5a369ecd7616b1dcdbeeca091c3b5bb9df2096c863fe89e9b45154708d5453a Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in python-aickerso (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d1d7d33d48c083d0e17d3a3698d815f66dffb070f743e030278059a558c5e6fd Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in gd-auth (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 baa9851d66a8d40c23baf029f186e4f8f5366381dadb2d3ecc8cb9420e5e3997 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in noonhelpers (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c2cb54ce39fd435f904d72dbbb5eef46166291adcd5106ea8d74d3c3c66aa3a5 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in st-payment (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 5bcf8605142a71ab3977537d339f48dfc102fcb49ce37c8f6b74c6b8af38988d Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...