Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...

Malicious code in sonic-config-engine (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2385b46fee4fb7241c2f3f692934017f39660c9694b98b92cbe3dae6555e5b05 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

MAL-2025-49088 Malicious code in nodemonjs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 29d8b4f06839f74e9f9553ef061c6a797169cecd0b6b28b4ddf1e0fad6252f0e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-12317 Malicious code in oe-extract-idss (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2371553e5caae552a4c2fabb7f8d616fde924ba3f292bbc4073715251602efa8 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...