311862 matches found
MAL-2026-3295 Malicious code in ally-antivirus (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7e5527c47f32b162abebfbbb8a15c8871ef050e5e0b07f8096b573cab2e6dfec The package ally-antivirus was found to contain malicious code. Source: ghsa-malware 094da0aa0245426ad224e9b2a072377a3c07bfc191bc3fab1d2060cdeaf79387...
Malicious code in @breeze-ai/ui-library (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7ca524608c9ab3d41715be26a354c2a643216f0bb79c8aec50de4f5e6b6ee523 The package @breeze-ai/ui-library was found to contain malicious code. Source: ghsa-malware...
Malicious code in apcyber-test-package (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4386e2b20fb74fe5b131a23550b9550b4539a3f79056ea8ad08f502453409737 The package apcyber-test-package was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3290 Malicious code in @allyfinancial/allyfinancial-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 274ff2ac2c7d1051fa268e63d390bb70d6b731bcdaebb94f87251067b62d37af The package @allyfinancial/allyfinancial-api was found to contain malicious code. Source: ghsa-malware...
Malicious code in ally-badges (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 628f679ca3d11168a5d0e0930680b72c113158a013369f538a273ce91cb5e5a6 The package ally-badges was found to contain malicious code. Source: ghsa-malware 9c052706f47011272c0f6a24723dc146f15603ac21d81708fa2b91678889df60 An...
Malicious code in ally-ccapi (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b70ba9950b3624a3cb0afb844592910fe317569f314fd6681870857d638b1cfc The package ally-ccapi was found to contain malicious code. Source: ghsa-malware c3a850b3a4466c4cc00dee663a54c3bcc8a23c9c74e5e01a9b14f27b616d9934 Any...
MAL-2026-3242 Malicious code in sf-vmeval-requests (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 a8fa27c8dc6bf13a4f5d92f14414a4f5efc08c1df7f33591a010b4f824e84bc1 During import package exfiltrates the environment variables and cloud credentials/tokens to a hardcoded location. --- Category: MALICIOUS - The campaign has...
MAL-2026-3236 Malicious code in aocl-sparse-v3 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 10c555ef158bbcd1dd710fca14862d1cad9ad87ed4f4c35bf9c51d0a8a4fcdac Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2026-3219 Malicious code in tns-py (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 186bfba0931ba063bd6e71325785b97c646cbfaaf91c4dca876653673d29c0cc Package is prepared to exfiltrate environmental variables. The wording used clearly states it's part of a campaign targeting cryptocurrency users via malicious...
MAL-2026-3216 Malicious code in httpx-utils (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 5d3d6ca7ec9867abcf3fb8a0170ca44801107a64fb1ff7f9aa437dd7b1f59845 During installation, package downloads downloads and executes next-stage script that then downloads a Sliver beacon and establishes persistence via a systemd...
MAL-2026-3307 Malicious code in browserslist-db (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f700f90f8bd70ca869ddaf27285327f5a926c28ac9d80cd5c8cad3ac25bb25ab The package browserslist-db was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-3308 Malicious code in common-roles (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f602ee3e4db38c8befaab761a5f06c83f1a48c33822478a3ae25e315fcd337a2 The package common-roles was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-3212 Malicious code in chalk-fancy (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 b86a641eb2b6239d8a88849df88a1a148fa5380e3c8767dc59915edb295ef5b3 When used, package exfiltrates sensitive environmental variable. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers...
Malicious code in apple-internal-security-library-v99 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f44267d5128f9ac2c62938b60bfa45264207a0010c41c97082c72246a3a7a248 The package apple-internal-security-library-v99 was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3209 Malicious code in apple-internal-security-library-v99 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f44267d5128f9ac2c62938b60bfa45264207a0010c41c97082c72246a3a7a248 The package apple-internal-security-library-v99 was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3310 Malicious code in gweb-build-system (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e936ec36e6d3de012d7e5815e450c5339f9e297b8b605bb7ccc64a441fd0d5ef The package gweb-build-system was found to contain malicious code. Source: ghsa-malware...
CVE-2026-42994
Bitwarden CLI 2026.4.0 from 2026-04-22T21:57Z to 2026-04-22T23:30Z, when obtained from npm, had embedded malicious code. This is related to a Checkmarx supply chain incident...
CVE-2026-42994
Bitwarden CLI 2026.4.0 from 2026-04-22T21:57Z to 2026-04-22T23:30Z, when obtained from npm, had embedded malicious code. This is related to a Checkmarx supply chain incident...
EUVD-2026-26474
Bitwarden CLI 2026.4.0 from 2026-04-22T21:57Z to 2026-04-22T23:30Z, when obtained from npm, had embedded malicious code. This is related to a Checkmarx supply chain incident...
CVE-2026-42994
Bitwarden CLI 2026.4.0 from 2026-04-22T21:57Z to 2026-04-22T23:30Z, when obtained from npm, had embedded malicious code. This is related to a Checkmarx supply chain incident...