NPM: Compromised version of intercom-client published to npm

NPM: Compromised version of intercom-client published to npm vulnerability discovered by ? in WordPress Npm intercom-client versions 7.0.4...

@kyoji2/intercom-cli (>=0.1.0 <=0.1.6), @types/intercom-client (=3.0.0) +2 more potentially affected by unknown CVE via intercom-client (>=7.0.1 <=7.0.3)

intercom-client NPM version =7.0.1, =0.1.0, =3.0.14, =3.0.31 Source cves: unknown CVE Source advisory: OSV:GHSA-54PG-9963-V8VG...

Compromised version of intercom-client published to npm

Impact On April 30, 2026, version 7.0.4 of intercom-client was published to npm using credentials obtained from a compromised developer account. This version was not produced by Intercom's build pipeline. The malicious version contained an obfuscated JavaScript payload that executed during packag...

GHSA-54PG-9963-V8VG Compromised version of intercom-client published to npm

Impact On April 30, 2026, version 7.0.4 of intercom-client was published to npm using credentials obtained from a compromised developer account. This version was not produced by Intercom's build pipeline. The malicious version contained an obfuscated JavaScript payload that executed during packag...

Malicious code in intercom-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 31f6931321619f69c7d1da208b4dffb8162d8ef83b0c9ee16539a8d8620ccbcc The package intercom-client was found to contain malicious code. Source: ghsa-malware 2d01b1077a26ddef79a7421bd98e7e2e9dd6a8d2447f41c2cfe3fb5e35f9631...

@kyoji2/intercom-cli (>=0.1.0 <=0.1.6), @types/intercom-client (=3.0.0) +2 more potentially affected by unknown CVE via intercom-client (>=7.0.1 <=7.0.3)

intercom-client NPM version =7.0.1, =0.1.0, =3.0.14, =3.0.31 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3204...

MAL-2026-3204 Malicious code in intercom-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 31f6931321619f69c7d1da208b4dffb8162d8ef83b0c9ee16539a8d8620ccbcc The package intercom-client was found to contain malicious code. Source: ghsa-malware 2d01b1077a26ddef79a7421bd98e7e2e9dd6a8d2447f41c2cfe3fb5e35f9631...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload. A malicious actor compromised the package, enabling the attacker to publish tampered versions of the deep learning framework. Malicious Behavior The execution chain ru...