
35 matches found

OSSF Malicious Packages
added 2023/02/25 11:12 p.m., 4 views

Malicious code in py-cchttp (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 0b88c65358ea2e0f03b3f45be2f0bb0eac44db5f4e539868b79c23fab88e1a81 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...

AI score: 7
Exploits: 0, References: 1

OSSF Malicious Packages
added 2023/02/25 11:12 p.m., 3 views

Malicious code in libgamereplacemask (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx a6ee1a335b7912aac42e8078b24d4e327e9efbf5640e76d0c04648284a1e085a EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...

AI score: 7
Exploits: 0, References: 1

OSSF Malicious Packages
added 2023/02/25 11:12 p.m., 2 views

Malicious code in selfrandpong (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 8e7113b1dfe42995a4f889912fe9057132c7d74f98dbdd643b4c8169b4df7194 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...

AI score: 7
Exploits: 0, References: 1

OSSF Malicious Packages
added 2023/02/25 11:6 p.m., 4 views

Malicious code in libadstringstudy (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 6f7a48026fbb5621cb61650ec6a9f568106410b9b656588689d3e954bb3dde21 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...

AI score: 7
Exploits: 0, References: 1

OSSF Malicious Packages
added 2023/02/25 5:12 p.m., 5 views

Malicious code in py-toolkill (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 6332a2241be73f4a227b0ee54ee290b8eef6bef3c5cf4d255e33dfa5be13ffcd EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...

AI score: 7
Exploits: 0, References: 1

OSSF Malicious Packages
added 2023/02/25 5:6 p.m., 3 views

Malicious code in py-visaver (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 3b212bd33c72fe6accf5b9bf26a8c69f0828cb93c36876c2d884e1d1a29a771b EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...

AI score: 7
Exploits: 0, References: 1

OSSF Malicious Packages
added 2023/02/25 4:54 p.m., 5 views

Malicious code in selfstrpyw (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 23186f64b90d4794a98edff00ca9b05c9413f9906b7bf2d32eaa80f494646489 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...

AI score: 7
Exploits: 0, References: 1

OSSF Malicious Packages
added 2023/02/24 4:42 p.m., 2 views

Malicious code in ultramine (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx ba7672fff2bde674fd944fbbb04d3ba27925585113cc79e3ecefa2d96d0eed1e EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...

AI score: 7
Exploits: 0, References: 1

OSSF Malicious Packages
added 2023/02/23 11:42 p.m., 2 views

Malicious code in grandsuper (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 20189541ae6a6077a70c77758e2fc0cef6cbdf80b499b4710d4f50c23cd6e7bb EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...

AI score: 7
Exploits: 0, References: 1

Malwarebytes
added 2022/07/06 2:11 p.m., 22 views

IconBurst software supply chain attack offers malicious versions of NPM packages

Researchers discovered evidence of a widespread software supply chain attack involving malicious JavaScript packages offered via the npm package manager. The threat actors behind the IconBurst campaign used typosquatting to mislead developers looking for very popular packages. npm npm is short fo...

Exploits: 0

vulnersOsv
added 2021/08/23 11:32 a.m., 1 view

10-24-dars (=1.0.0), @alephdata/react-ftm (>=1.9.1 <=2.4.0-alpha.2) +204 more potentially affected by CVE-2021-23632 via git (=0.1.5)

git NPM version =0.1.5 is affected by a known vulnerability. The following packages have a transitive dependency on git and may be impacted: - 10-24-dars =1.0.0 - @alephdata/react-ftm =1.9.1, =1.5.2, =0.4.120, =1.0.0-alpha.0, =1.1.7, =1.0.1, =0.13.1, =1.12.2, =1.0.0, =2.0.0 -...

CVSS: 9.8, AI score: 7.2, EPSS: 0.034
Exploits: 1

vulnersOsv
added 2020/12/15 4:52 p.m., 1 view

1.1.0 (=1.0.0), 10f-css-animations (>=1.0.1 <=1.0.4) +1440 more potentially affected by CVE-2019-10775 via ecstatic (>=0.1.6 <=4.1.2)

ecstatic NPM version =0.1.6, =1.0.1, =0.0.1, =0.7.2, =0.1.0-beta-1, =0.1.0-alpha-0, =1.0.0, =0.4.0, =0.4.0, =0.11.1, =0.2.0, =10.0.0, =17.0.0-canary.1, =3.2.1, =4.1.0 and more Source cves: CVE-2019-10775 Source advisory: OSV:GHSA-JC84-3G44-WF2Q...

CVSS: 7.5, AI score: 7.1, EPSS: 0.00436
Exploits: 0

vulnersOsv
added 2019/05/30 5:19 p.m., 3 views

1password-manager (>=0.1.0 <=0.1.2), 4front-cli (>=0.0.1 <=0.0.20) +4794 more potentially affected by CVE-2019-13173 via fstream (>=0.1.11 <=1.0.11)

fstream NPM version =0.1.11, =0.1.0, =0.0.1, =0.2.0, =0.5.0, =0.0.1, =0.1.0, =0.0.2, =0.0.2, =0.5.12, =1.1.0, =0.1.2, =0.0.1, =1.0.0, =1.0.9 and more Source cves: CVE-2019-13173 Source advisory: OSV:GHSA-XF7W-R453-M56C...

CVSS: 7.5, AI score: 7, EPSS: 0.00406
Exploits: 0

ThreatPost
added 2018/10/03 6:46 p.m., 13 views

Virus Bulletin 2018: Microsoft’s Lambert on How Cloud is Changing Security

MONTREAL – As businesses increasingly turn to the cloud and to software-as-a-service applications, they are finding themselves with new attack surfaces and new types of threats – specifically, hard-to-thwart supply-chain attacks that have the potential for large amounts of collateral damage. In a...

AI score: 7.3
Exploits: 0, References: 4

vulnersOsv
added 2018/08/13 3:2 p.m., 1 view

@afshin/custom404-extension (>=0.1.1 <=0.1.3), @apache-royale/cli (>=0.1.0 <=0.2.2) +443 more potentially affected by CVE-2018-3774 via url-parse (>=1.0.2 <=1.4.1)

url-parse NPM version =1.0.2, =0.1.1, =0.1.0, =0.0.1, =0.1.0, =0.1.1, =0.1.1, =0.1.0, =0.1.0, =0.1.0, =1.1.1, =2.0.0, =2.0.0, =4.1.0 - @datalayer/jupyterlab-hub-extension =0.8.1 and more Source cves: CVE-2018-3774 Source advisory: OSV:GHSA-PV4C-P2J5-38J4...

CVSS: 10, AI score: 7.2, EPSS: 0.01747
Exploits: 0