@actbase/react-native-kakao-channel contains malware after npm account takeover

On November 24th 2025, a new supply chain attack called Shai-Hulud 2.0 was launched. This package contains the malicious code that attempts to harvest credentials and infect GitHub and npm repositories. The malicious software executes during the pre-install phase and attempts to harvest credentia...

@actbase/react-native-kakao-navi contains malware after npm account takeover

On November 24th 2025, a new supply chain attack called Shai-Hulud 2.0 was launched. This package contains the malicious code that attempts to harvest credentials and infect GitHub and npm repositories. The malicious software executes during the pre-install phase and attempts to harvest credentia...

EUVD-2025-198883

Malicious code in @actbase/react-native-kakao-channel npm...

MAL-2025-190794 Malicious code in @actbase/react-native-kakao-channel (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 65c6154361619c2c8153e5a3035c559aafef406bd969d3178a240e0ed19d0a9a The package @actbase/react-native-kakao-channel was found to contain malicious code. Source: ghsa-malware...

Malicious code in @actbase/react-native-kakao-channel (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 65c6154361619c2c8153e5a3035c559aafef406bd969d3178a240e0ed19d0a9a The package @actbase/react-native-kakao-channel was found to contain malicious code. Source: ghsa-malware...

EUVD-2025-198882

Malicious code in @actbase/react-native-kakao-navi npm...

EUVD-2014-5739

Malware in sbrugna...

EUVD-2014-4822

Malware in sbrugna...

EUVD-2014-5482

Malware in sbrugna...

EUVD-2025-28876

Malicious code in bioql PyPI...

EUVD-2022-51602

Malicious code in bioql PyPI...

CVE-2025-9673

A vulnerability was detected in Kakao 헤이카카오 Hey Kakao App up to 2.17.4 on Android. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml of the component com.kakao.i.connect. The manipulation results in improper export of android application components. The...

CVE-2025-9673

A vulnerability was detected in Kakao 헤이카카오 Hey Kakao App up to 2.17.4 on Android. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml of the component com.kakao.i.connect. The manipulation results in improper export of android application components. The...

CVE-2025-9673 Kakao 헤이카카오 Hey Kakao App com.kakao.i.connect AndroidManifest.xml improper export of android application components

A vulnerability was detected in Kakao 헤이카카오 Hey Kakao App up to 2.17.4 on Android. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml of the component com.kakao.i.connect. The manipulation results in improper export of android application components. The...

CVE-2025-9673 Kakao 헤이카카오 Hey Kakao App com.kakao.i.connect AndroidManifest.xml improper export of android application components

A vulnerability was detected in Kakao 헤이카카오 Hey Kakao App up to 2.17.4 on Android. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml of the component com.kakao.i.connect. The manipulation results in improper export of android application components. The...

CVE-2025-9673

The CVE-2025-9673 entry concerns Kakao Hey Kakao App for Android (up to version 2.17.4) and affects the com.kakao.i.connect AndroidManifest.xml. The root cause is an improper export of Android components within the AndroidManifest.xml, enabling a local attack vector. Public exploitation is report...

PT-2025-35310

Name of the Vulnerable Software and Affected Versions: Kakao Hey Kakao App versions up to 2.17.4 Description: A vulnerability exists in the Kakao Hey Kakao App on Android, affecting an unknown functionality within the AndroidManifest.xml file of the com.kakao.i.connect component. This issue resul...

Kakao Hey Kakao App 安全漏洞

Kakao Hey Kakao App is a messaging app from the South Korean company Kakao. A security vulnerability exists in Kakao Hey Kakao App version 2.17.4 and earlier, which stems from improper component export in the file AndroidManifest.xml and could lead to a local attack...

@akaiv/core (>=1.2.6 <=1.8.3), @akaiv/discord-client (>=1.0.0 <=1.4.1) +3 more potentially affected by unknown CVE via minimst (=0.0.1-security)

minimst NPM version =0.0.1-security is affected by a known vulnerability. The following packages have a transitive dependency on minimst and may be impacted: - @akaiv/core =1.2.6, =1.0.0, =0.1.0, =0.4.0 - @akaiv/kakao-client =2.0.1 - netlify-minutes =0.1.0 Source cves: unknown CVE Source advisory...

MAL-2025-4748 Malicious code in kakao-pixel-web (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=-...