Malicious code in byteclaw (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3fe21c4a32b814a0b46b75a26033bae1f40e1caa237e394842aff14639b7aaec Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in bytedvod (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c2b90eec61e5e2a472f910011acc1e66e407b4a240e907ac74289221e1a5e83f Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in bytedbackground (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ab2e307770a6b144edad3254d316375ed3cdad0a56f21438b28bcc0f1a17fcb9 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in @clearpool/streaming (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector febaceb862fd80f68bdcefbbed2667f056ba0b09cc0607d92962dd0d1c2a8b5d The package @clearpool/streaming was found to contain malicious code. Source: ghsa-malware...

MAL-2026-3056 Malicious code in @clearpool/comms (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5f79c0a598ffe54e6eba22b90afd0c9bbb902c3086178c2ea2a9227e002e399d The package @clearpool/comms was found to contain malicious code. Source: ghsa-malware aac3d8fce06f495311a581ee9a8f6acf42b7ea35162b9a3387ad6040adfef4...

Malicious code in swisscom-ai-research-keyphrase (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e11009ce6f39424ab9bbe1470888a9f5be4f1252dab4c82a03d684d372eb7cc9 Package exploits dependency confusion. A beacon request is used to report usage back, but no additional information are exfiltrated. --- Category:...

MAL-2026-3070 Malicious code in @tw-marionette/clipboard (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9309f16e4a8a15191279d206290e2ab8f8dfa9daeae0df7b92c09bc9a1d726e4 The package @tw-marionette/clipboard was found to contain malicious code. Source: ghsa-malware...

MAL-2026-3043 Malicious code in rosolver (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 0904af239ce7e030d9cde78de066412fb3942a4b12ea8be5c5d45681417230fc During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

MAL-2026-3062 Malicious code in @google-pay-trust/cancelled (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4b7b08b4a3e94724e2b15686c111c5633ab73daf6f54dbcc7b758b91cfa3797a The package @google-pay-trust/cancelled was found to contain malicious code. Source: ghsa-malware...

Malicious code in @google-pay-trust/finish (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3fd69ccad4854f078fe0d815a4f14a1b8ef69fd62704fbf4be49710a2c3926b2 The package @google-pay-trust/finish was found to contain malicious code. Source: ghsa-malware...

MAL-2026-3055 Malicious code in @apple-pay-trust/validate-merchant (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 04e899c9f267696289778cbf0c2c4f8da289e47bb3bce95ffa4fa4e3fe290722 The package @apple-pay-trust/validate-merchant was found to contain malicious code. Source: ghsa-malware...

MAL-2026-3036 Malicious code in uipath-ui-widgets (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aa9d3ca9b9ac28cb9fe47c84a695d8905ac59aacc352dfe23dfe6bf85464c481 The package uipath-ui-widgets was found to contain malicious code. Source: ghsa-malware...

MAL-2026-3079 Malicious code in axis-ui-generator (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 898e7e6953d0a1f5efd906c36d9a6c798f0dce58017ac54df6e1b09bd26dd6d1 The package axis-ui-generator was found to contain malicious code. Source: ossf-package-analysis...

MAL-2026-3076 Malicious code in axis-abc-search-address (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 12745094744214b57071e8ace8ee7d5ee3f9be6e7d29d338bb4bbd01842f2705 The package axis-abc-search-address was found to contain malicious code. Source: ghsa-malware...

MAL-2026-3075 Malicious code in axis-abc-search-account (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 940253e64eab64d76178b547ceb87731aad0dbba1ca1f988571af776564c891b The package axis-abc-search-account was found to contain malicious code. Source: ghsa-malware...

Malicious code in axis-notification (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 341ed22195f4a5533e72c654980bb1eecb5d0fb91c70a5132ca728978d68de54 The package axis-notification was found to contain malicious code. Source: ghsa-malware...

MAL-2026-3078 Malicious code in axis-notification (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 341ed22195f4a5533e72c654980bb1eecb5d0fb91c70a5132ca728978d68de54 The package axis-notification was found to contain malicious code. Source: ghsa-malware...

MAL-2026-3077 Malicious code in axis-charts (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b2948113b9e8ba2a0eaf9f07de49e63efdcdb91450acb69c6e5c9da9e2f982eb The package axis-charts was found to contain malicious code. Source: ossf-package-analysis...

MAL-2026-3083 Malicious code in elementary-data (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 96dc65f67f54411d3de6b23a33a8f73665e2703d7261b7f1720cdc089c528eea Versions 0.23.3 were compromised. A threat actor exploited a vulnerability in the CI workflows to inject code and establish, likely, a reverse shell in the CI...

MAL-2026-3065 Malicious code in @m0ntana/app.web (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2ffd5d049b453ec288428ae1c5b369effbc0397e753720aeb3900a746bb83519 The package @m0ntana/app.web was found to contain malicious code. Source: ghsa-malware b7fdecb35a1116b81d1340d7d6cc748a050b4dde46beb279a40f6e049955ca...