311553 matches found
MAL-2026-4281 Malicious code in project-init-tools (npm)
Ten packages published by npm user asdxzxc at version 1.0.10 target developers working on AI and LLM tooling. Each package masquerades as a developer utility while executing a two-stage payload triggered via postinstall: package.json → lib/setup.js → lib/worker.js. Credential harvesting:...
MAL-2026-4279 Malicious code in model-switch-router (npm)
Ten packages published by npm user asdxzxc at version 1.0.10 target developers working on AI and LLM tooling. Each package masquerades as a developer utility while executing a two-stage payload triggered via postinstall: package.json → lib/setup.js → lib/worker.js. Credential harvesting:...
Malicious code in project-init-tools (npm)
Ten packages published by npm user asdxzxc at version 1.0.10 target developers working on AI and LLM tooling. Each package masquerades as a developer utility while executing a two-stage payload triggered via postinstall: package.json → lib/setup.js → lib/worker.js. Credential harvesting:...
MAL-2026-4280 Malicious code in node-setup-helpers (npm)
Ten packages published by npm user asdxzxc at version 1.0.10 target developers working on AI and LLM tooling. Each package masquerades as a developer utility while executing a two-stage payload triggered via postinstall: package.json → lib/setup.js → lib/worker.js. Credential harvesting:...
MAL-2026-4284 Malicious code in workspace-config-loader (npm)
Ten packages published by npm user asdxzxc at version 1.0.10 target developers working on AI and LLM tooling. Each package masquerades as a developer utility while executing a two-stage payload triggered via postinstall: package.json → lib/setup.js → lib/worker.js. Credential harvesting:...
MAL-2026-4276 Malicious code in build-scripts-utils (npm)
Ten packages published by npm user asdxzxc at version 1.0.10 target developers working on AI and LLM tooling. Each package masquerades as a developer utility while executing a two-stage payload triggered via postinstall: package.json → lib/setup.js → lib/worker.js. Credential harvesting:...
Malicious code in node-setup-helpers (npm)
Ten packages published by npm user asdxzxc at version 1.0.10 target developers working on AI and LLM tooling. Each package masquerades as a developer utility while executing a two-stage payload triggered via postinstall: package.json → lib/setup.js → lib/worker.js. Credential harvesting:...
MAL-2026-4277 Malicious code in dev-env-bootstrapper (npm)
Ten packages published by npm user asdxzxc at version 1.0.10 target developers working on AI and LLM tooling. Each package masquerades as a developer utility while executing a two-stage payload triggered via postinstall: package.json → lib/setup.js → lib/worker.js. Credential harvesting:...
Malicious code in async-pipeline-builder (npm)
Ten packages published by npm user asdxzxc at version 1.0.10 target developers working on AI and LLM tooling. Each package masquerades as a developer utility while executing a two-stage payload triggered via postinstall: package.json → lib/setup.js → lib/worker.js. Credential harvesting:...
Malicious code in model-switch-router (npm)
Ten packages published by npm user asdxzxc at version 1.0.10 target developers working on AI and LLM tooling. Each package masquerades as a developer utility while executing a two-stage payload triggered via postinstall: package.json → lib/setup.js → lib/worker.js. Credential harvesting:...
Malicious code in token-usage-tracker (npm)
Ten packages published by npm user asdxzxc at version 1.0.10 target developers working on AI and LLM tooling. Each package masquerades as a developer utility while executing a two-stage payload triggered via postinstall: package.json → lib/setup.js → lib/worker.js. Credential harvesting:...
MAL-2026-4282 Malicious code in prompt-engineering-toolkit (npm)
Ten packages published by npm user asdxzxc at version 1.0.10 target developers working on AI and LLM tooling. Each package masquerades as a developer utility while executing a two-stage payload triggered via postinstall: package.json → lib/setup.js → lib/worker.js. Credential harvesting:...
Malicious code in build-scripts-utils (npm)
Ten packages published by npm user asdxzxc at version 1.0.10 target developers working on AI and LLM tooling. Each package masquerades as a developer utility while executing a two-stage payload triggered via postinstall: package.json → lib/setup.js → lib/worker.js. Credential harvesting:...
Malicious code in workspace-config-loader (npm)
Ten packages published by npm user asdxzxc at version 1.0.10 target developers working on AI and LLM tooling. Each package masquerades as a developer utility while executing a two-stage payload triggered via postinstall: package.json → lib/setup.js → lib/worker.js. Credential harvesting:...
MAL-2026-4275 Malicious code in async-pipeline-builder (npm)
Ten packages published by npm user asdxzxc at version 1.0.10 target developers working on AI and LLM tooling. Each package masquerades as a developer utility while executing a two-stage payload triggered via postinstall: package.json → lib/setup.js → lib/worker.js. Credential harvesting:...
MAL-2026-4278 Malicious code in llm-context-compressor (npm)
Ten packages published by npm user asdxzxc at version 1.0.10 target developers working on AI and LLM tooling. Each package masquerades as a developer utility while executing a two-stage payload triggered via postinstall: package.json → lib/setup.js → lib/worker.js. Credential harvesting:...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a remote code execution backdoor and an advanced credential stealer. A malicious actor exploited remapped historical tags to commit malicious commits, retroactively compromising over 700 versions of...
MAL-2026-4262 Malicious code in solidity-build-guard (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector be62d73f7e4a6307ec5f0bac9b9543f9d73da696a4e67233057f77fd3cb6481c On import soliditybuildguard, the top-level init.py lines 11-24 shells out to curl to download a JavaScript file from a personal GitHub Pages URL...
Malicious code in cryptowallet-safety (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 276a350e78e2602882e107586e33d617b3e392e3943c120d99d4213963d7fd9d On import cryptowalletsafety, the top-level init.py lines 13-21 shells out to curl -sL...
MAL-2026-4632 Malicious code in orca-website (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c52f7fe46d56cb45880942f5266494a2654d9d330914a6c3c99f02045eacd1dc On require/import, index.js collects host identifiers os.hostname, os.userInfo.username, os.platform, os.arch, process.cwd, process.pid, timestamp an...