54 matches found
MAL-2026-4566 Malicious code in fpjson-lang (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 38aca097f261c15ef9901f259883679e2d4308d6e4053099643c8befe9a14318 package.json declares "preinstall": "./bin/install-deps", causing npm to execute a 954KB packed Linux ELF binary on every install. The package...
Malicious code in aonote (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector df30872a579b6ce2419993ff9bad621f42347097dd43551a26583223e6a98a7b package.json declares "preinstall": "./scripts/postbuild", where scripts/postbuild is a 976KB UPX-packed Linux x86-64 ELF sha256 36abd242... shipped ...
MAL-2026-4715 Malicious code in weavedb-base (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 886f22636b5e4726978e23b10a4311fb7e65c2b10003da72429348fa617884d1 package.json declares "preinstall": "./vendor/setup", which runs a 976KB packed Linux x86 ELF binary sha256...
Exploit for Embedded Malicious Code in Tanstack Tanstack\/Arktype-Adapter
Simulasi Supply Chain Attack — CVE-2026-45321 TanStack Ed...
Malicious code in banana-stand (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ab14273a518e66f357d229806e82cb2f4ce211cae4bc5de0f2d15eeab67fb720 On npm install, the package's install lifecycle hook runs node index.js, which loads lib/core.js. That module reads os.userInfo.username, os.hostname...
MAL-2026-4493 Malicious code in axiosqqq (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a9cf5bc7a896b21f9af923c60b9283758bf46d4fb279f752a42bae43bb6006aa Package name axiosqqq is a 3-character-suffix typosquat of axios and ships axios's verbatim source, README, and CHANGELOG to impersonate the legitima...
MAL-2026-4651 Malicious code in pulse-axios (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c64dad53e23f7fcba3813e9ae6caee3f9461f5e52194165da668e5332e78bb99 [email protected] declares a postinstall hook node./lib/core/eval.js that on npm install issues fetch'http://localhost:3000/download/data', reads th...
MAL-2026-3751 Malicious code in cache-poisoning-pwn-demo (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dacd21af4f62dd3183bfc4126d1cbcf18600a1c72301b7ae8ca401ec7e44f94e The package's postinstall hook node -e "try require'./dist/postinstall.js'; catche " loads dist/postinstall.js, which bundles a poisoned is-number...
MAL-2026-3342 Malicious code in runtime-readout (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 db23da97c424ee374983aaaa3b955d423abe32f91c024f372142dc234ae522d3 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2026-3250 Malicious code in rostilesolver (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 eef0922e5bb8ba3371baad4b76542215ff15e445a9d6ed6fb5546230fe5da4df During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
MAL-2026-2549 Malicious code in python-aickerso (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 d1d7d33d48c083d0e17d3a3698d815f66dffb070f743e030278059a558c5e6fd Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2026-2503 Malicious code in genesis-1p-tools-rpm-bundle (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 d7a13386739eb38301be183f8fafa0281beef0adc59037619ca870c2b075cd58 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in pacbot (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 77976a83e69cb239c03d7d5f13eefeaa61eaae708c066a584609d8b7d8a932bd Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2026-2185 Malicious code in hy-api-utilities (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 e47cae7d998d465d8ad1e4944051a42ee3cbf939476004154800628a94b828f3 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2026-2171 Malicious code in globally (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 1f2d16dd9f9dc8f8c54504946e96b931fab9f6c893012e17b0c03dd531c49f5b Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2026-2172 Malicious code in v2-8-3 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 b90faec9a57b74163b9282007ed27f9602abf0d5307115928eb4ca75d98f8c72 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2026-2145 Malicious code in compose-rl (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 d7bb3250324aea46c0121883650a393aeee3569ba3a3a8f202530bdc523a5735 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2026-1286 Malicious code in demozecosse (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 1fd7840785d53d90edc61c6138072f4ed7a01b35dd05d76d9d6f5343ec93bff7 Packages that might be part of testing for pentesting / malicious activity / joy, with suspicious activity that does not present any real harm. --- Category:...
MAL-2026-1284 Malicious code in demozecosso (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 ca3839025ccad67334436cff10b99fc2c407515ed2d9a4e146d11b253b356c8a Packages that might be part of testing for pentesting / malicious activity / joy, with suspicious activity that does not present any real harm. --- Category:...
MAL-2026-843 Malicious code in requests-core-plugin (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 f7d809caa4cb4961377b3c02a06f90ce19136a36297191248a8c6cd289a809f2 During installation, package loads obfuscated code that then downloads and starts an executable. The final executable is identified as malware and appears to...