3 matches found
Malicious code in git-userhub (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 859f77ac10aa89722823e0477f8f6986db2b54dd25b1b2aedb05ee31d5891071 Package name 'git-userhub' is a lookalike of a GitHub-related identity, with no legitimate publisher backing. The package.json declares a postinstall...
MAL-2026-905 Malicious code in marshmellows (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 92a41b4a9b9f5733eae9cfa5ca9c6802d52d803a1835820ee5098f58419fc18e Package is a typosquatting or dependency confusion attempt with a low-harm local-only action, like leaving a flag file. --- Category: PROBABLYPENTEST - Package...
MAL-2024-12221 Malicious code in blz-test-package (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 01f2433c1d8bc3c461a9580e06ffcac55e0d5e79ac651f1326c6ddd10114a544 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...