MAL-2026-3365 Malicious code in @b2bneo-rest/api-csf (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ea4a9f32d6857ac3e548ca117915efd6694039bbc344390f1758f12291776817 The package @b2bneo-rest/api-csf was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in quicklytookerv (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 eeb02e3ddf9f61661d72bac1e244227aa8b6a8a88ab1226a521cc7aa48d5da37 The package silently exfiltrates screenshots and basic data. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...

Malicious code in 24712-plv2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2611781f2d1097ad72abff46b985c85ced20dc7e9f5f8883adbd3e5f394397ee The package 24712-plv2 was found to contain malicious code. Source: ossf-package-analysis...

MAL-2026-3355 Malicious code in playwright-atoned (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 250795bc04569c6f87e372e4b6bed019148a1c78f4357e8e430c1865acfead07 The package exfiltrates sensitive data like local environmental variables and cloud tokens --- Category: MALICIOUS - The campaign has clearly malicious intent,...

MAL-2026-3354 Malicious code in playwright-acustomed (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b8b21055de687ebac89fc9e5697c34b70cc910702d263b841399783f75b139bd Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Attackers adopt JavaScript runtime Bun to spread NWHStealer

In our previous research, we analyzed a Windows infostealer we track as NWHStealer. The attackers behind this stealer are continuously finding new methods to distribute the stealer. During our hunting activities, we noticed how attackers are using a JavaScript runtime called Bun to help distribut...

FluentCMS TextHTML Plugin Cross-Site Scripting Vulnerability

FluentCMS is a .NET-based content management system CMS that is primarily used to quickly build websites and manage web content. A cross-site scripting vulnerability exists in the FluentCMS TextHTML plugin. The vulnerability stems from insufficient validation of user input and failure to properly...

MAL-2026-3345 Malicious code in deployment-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7a1345a90cd18e2bfa245f91057cca34707e7d325f4318263176d9fbcef25c1a The package deployment-core was found to contain malicious code. Source: ghsa-malware eca5b6ddf4f0df1086d272518f3383c140b5641ecf506100d93a352e2135441...

Malicious code in deployment-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7a1345a90cd18e2bfa245f91057cca34707e7d325f4318263176d9fbcef25c1a The package deployment-core was found to contain malicious code. Source: ghsa-malware eca5b6ddf4f0df1086d272518f3383c140b5641ecf506100d93a352e2135441...

Malicious code in generator-go-circleci (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ff938c3edbce8d3776448005a489240ddb234790867c0c0d34109efb170e9fec The package generator-go-circleci was found to contain malicious code. Source: ghsa-malware...

Malicious Package

Overview bpmn-studio is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...

Malicious code in @atlan/connectors (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 22a96e40cb459d89624b2ce0705942ad4d54d8279e780c66fe2d2fa3f727cef1 The package @atlan/connectors was found to contain malicious code. Source: ghsa-malware...

Malicious code in @bold-commerce/stacks-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5cc580455dc6abd5d1a25634543e82bc51cf855c3494024397eb17d4c7fc1eff The package @bold-commerce/stacks-ui was found to contain malicious code. Source: ghsa-malware...

MAL-2026-3344 Malicious code in @bold-commerce/stacks-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5cc580455dc6abd5d1a25634543e82bc51cf855c3494024397eb17d4c7fc1eff The package @bold-commerce/stacks-ui was found to contain malicious code. Source: ghsa-malware...

MAL-2026-3343 Malicious code in @atlan/connectors (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 22a96e40cb459d89624b2ce0705942ad4d54d8279e780c66fe2d2fa3f727cef1 The package @atlan/connectors was found to contain malicious code. Source: ghsa-malware...

MAL-2026-3340 Malicious code in trevlo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3414c71889d8ebf7ad09c9b0bf9ab63f8f6589e1e030e35e40a971b767f51ad1 The package trevlo was found to contain malicious code. Source: ghsa-malware 01d7778a4b391062b3f0b2200861fde5a0b4c750eb4ebab90d36940142ae9293 Any...

MAL-2026-3339 Malicious code in nf-ui-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d5d1fc3aadbb204f6da1c0db37a6e1b540bdcc3964bd033d5657a067d7e246cc The package nf-ui-components was found to contain malicious code. Source: ghsa-malware 4ab8cac0b0cae1864121f4fd7223e6cb7bb0168d113ece4974f94aae4e2418...

Sandboxie Plus 安全漏洞

Sandboxie Plus is an open-source Windows sandboxing tool developed by Sandboxie Plus. Versions of Sandboxie Plus prior to 1.17.2 contained a security vulnerability, which was caused by a TOCTOU race condition during the plugin installation process. This vulnerability could allow non-privileged...

`mysten-metrics` was removed from crates.io for malicious code

mysten-metrics included a build script that attempted to exfiltrate data from the build machine. The malicious crate had 1 version published on 2026-04-20 and had no evidence of actual usage. This crate had no dependencies on crates.io...

MAL-2026-3333 Malicious code in rogiant-quick-install (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 efdebb03bb05b0da602f813ad321bbc81c658ac1bec059a5a7fa73fed277a53b During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...