220 matches found
Malicious code in @pcldpvkoewpogw/testhacker (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 75fc3a0b4dc467bfee8bcd715fb5eef861c97aaa7f933a04dc5ac6922af1b8fe Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @polka-ui/reco (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 748e9209b5841d7276bc8325c476b21c3061fdc37dc9db0280f033ba9badc8c9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in ts-typeguard-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f74d71bf9db34dbac382712020acc0d441e7921053f6664204f5bbff1906b96f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in dev-env-bootstrapper (npm)
Ten packages published by npm user asdxzxc at version 1.0.10 target developers working on AI and LLM tooling. Each package masquerades as a developer utility while executing a two-stage payload triggered via postinstall: package.json → lib/setup.js → lib/worker.js. Credential harvesting:...
MAL-2026-3578 Malicious code in @uipath/tasks-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1924ebd0e25a511d934e9103d324a7e11db5dfad8820ff2a1f71d31ebd8eb8b8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3497 Malicious code in @tanstack/vue-router-ssr-query (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 925332e137c53fc83198f6ce65ec615c060124cbd8d1a5b23b9186c6494dbfba Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in shopify-draggable (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f631da0153ed8da6498d0662d71d654389a24327b946635a3664d0de9d20b03f The package shopify-draggable was found to contain malicious code. Source: ghsa-malware...
MAL-2026-2995 Malicious code in color-studio (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d197fd4183100bf9c61d06d5f63aea39f8b61429628f3a13522d8b511a0482bb The package color-studio was found to contain malicious code. Source: ghsa-malware 3ea22c97ba975ced2d26e899fe9ac900d3e1df68314536f95416cf2b03b65472 A...
MAL-2026-2672 Malicious code in ahmed_salem_ph (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 45bfa2da9e04507b1c6e4fbde5f9ce1d57ce0f499596b2fafc61afb4d544fc4a The package ahmedsalemph was found to contain malicious code. Source: ghsa-malware 911051e187786828f6d65957478aad7f1c354940c6ee7f425dc8a779e4c9e039 A...
MAL-2026-2575 Malicious code in @ascend-ops/web-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 57ec262f68b9b9bd081ce675c1eb28e56c6c630c03cf1ecb680e5b56035f0aaa The package @ascend-ops/web-client was found to contain malicious code. Source: ghsa-malware...
MAL-2026-2620 Malicious code in upstartportal (npm)
Collects system info, reads sensitive files, and exfiltrates data to a suspicious host. Multiple YARA matches confirm malicious intent. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 932dee0dcf84fc1044efb1ec35950d6102fcbb5122f26cca5e2b1f13eb599729 The package...
Malicious code in strapi-plugin-cache (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 322f1a7c9723db125a9be39dcb3f897ca2f65146b7b71874bb3ec26a4825d521 The package strapi-plugin-cache was found to contain malicious code. Source: ghsa-malware...
MAL-2026-2322 Malicious code in bs58-basic (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 56502a3bb31374f7cf0d79d8abc98ccac595ca94fe2b9720daeeb9217901c9e0 The package bs58-basic was found to contain malicious code. Source: ghsa-malware 5101b36fd690268aa870c7d458d29e404540f3d3cc29dd19404137ca9f618f56 Any...
MAL-2026-2320 Malicious code in base-x-64 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2486f9bad36944300cb58e1a73a370afef7be10040daf814861d1b1a6287cdb8 The package base-x-64 was found to contain malicious code. Source: ghsa-malware d09ca9d36cb3821dc878f97db3b7e8ddef6f5f8e390373492186d10b668718f3 Any...
Malicious code in axios (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 503284900929e333b801f9f47419a2b4c21e4022d13a03fc14e4b5390767a51d The package axios was found to contain malicious code. Source: ghsa-malware bcd851213ecf0f8dc58fe88d79b3d19a59388272b2426097de7edc4c53df5d9e Any...
Malicious code in transform-es2015-duplicate-keys (npm)
The package 'transform-es2015-duplicate-keys' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
MAL-2026-1571 Malicious code in transform-modules-systemjs (npm)
The package 'transform-modules-systemjs' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
Malicious code in typescript-validation-schema (npm)
The package 'typescript-validation-schema' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
MAL-2026-1312 Malicious code in iron-overlay-behavior (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1f1c6c5a0c7da957deff9af5f6e981a6d5cf588394ad85aaaa9456657d49604e The package iron-overlay-behavior was found to contain malicious code. Source: ghsa-malware...
MAL-2026-1162 Malicious code in xpack-test-3.0 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c4fcebf35e85158afa53ce21da1265a4c3acac20914c4c76285d9043ac3a2d62 The package xpack-test-3.0 was found to contain malicious code. Source: ghsa-malware 825d559cd29d6d2efd0f89583e84f31a7b471bfbc3376252e71872d8f9863d87...