311863 matches found
MAL-2026-2618 Malicious code in upstartdr (npm)
Package is malware. It steals credentials, system info, and exfiltrates data to a remote server via a postinstall script. High confidence. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d6563c7981cb66eadd2e5e9afe7b2957682f62c767cdfbe4258048c628758525 The packag...
Malicious code in upstartadmindashboard- (npm)
The package is a malware. It exfiltrates system info to a hardcoded domain, collects sensitive data, and executes suspicious commands. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e0760e39fa3fc4d272de9fb78decddc3a25ae673efe12e9bff4e8d9f28ee5c55 The package...
MAL-2026-2615 Malicious code in upstartadmindashboard- (npm)
The package is a malware. It exfiltrates system info to a hardcoded domain, collects sensitive data, and executes suspicious commands. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e0760e39fa3fc4d272de9fb78decddc3a25ae673efe12e9bff4e8d9f28ee5c55 The package...
Malicious code in upstartloans (npm)
Collects and exfiltrates sensitive data credentials, keys, history to p1s.uk with disabled SSL validation. Suspicious postinstall script. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4a1d5c610e0cc5ec6be53b8d0d986d5ddef30937d04c977998db4c2d4b0be908 The package...
MAL-2026-2619 Malicious code in upstartloans (npm)
Collects and exfiltrates sensitive data credentials, keys, history to p1s.uk with disabled SSL validation. Suspicious postinstall script. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4a1d5c610e0cc5ec6be53b8d0d986d5ddef30937d04c977998db4c2d4b0be908 The package...
Malicious code in upstart-lending-status (npm)
Package is malware. It steals credentials, collects system info, and exfiltrates data to a remote server via postinstall script. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 627a2802a53ad7eb751fcac4b0a43245c6b0bf9e667db77051758b24d8bc4d96 The package...
MAL-2026-2611 Malicious code in upstart-lending-status (npm)
Package is malware. It steals credentials, collects system info, and exfiltrates data to a remote server via postinstall script. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 627a2802a53ad7eb751fcac4b0a43245c6b0bf9e667db77051758b24d8bc4d96 The package...
Malicious code in upstartapplicationstatus (npm)
Package is malware. Collects and exfiltrates sensitive info SSH keys, credentials, env vars via insecure HTTPS/HTTP after install. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e154270d6b3540f095f5fc77ab1167448e967009cbb719f6fc087c32fadce15f The package...
MAL-2026-2616 Malicious code in upstartapplicationstatus (npm)
Package is malware. Collects and exfiltrates sensitive info SSH keys, credentials, env vars via insecure HTTPS/HTTP after install. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e154270d6b3540f095f5fc77ab1167448e967009cbb719f6fc087c32fadce15f The package...
Malicious code in upstart-loan-status (npm)
Malicious package with postinstall script exfiltrating sensitive system data to a remote server. Multiple YARA rules and LLM analysis confirm. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2e7850b2e1fe8a8eeebd2a8593220743deeacbed610ada8e460fcd15bc51c732 The...
Malicious code in upstart.previewcss (npm)
Package is malware. It collects and exfiltrates sensitive data SSH keys, credentials, environment variables and system info to a remote server. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bd2d5c329f24c54ca68ce21884867d6b4db6ae64d0e2041af60deb2203cc8830 The...
MAL-2026-2614 Malicious code in upstart.previewcss (npm)
Package is malware. It collects and exfiltrates sensitive data SSH keys, credentials, environment variables and system info to a remote server. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bd2d5c329f24c54ca68ce21884867d6b4db6ae64d0e2041af60deb2203cc8830 The...
Malicious code in pinstatsd (npm)
Package is malware due to data exfiltration to multiple domains via DNS and HTTPS, along with a suspicious preinstall script. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1b13ae52dde0a4efddd6d12bc4795b77da5433cb750b4ddb852f1aca27ea457e The package pinstatsd w...
MAL-2026-2654 Malicious code in pinstatsd (npm)
Package is malware due to data exfiltration to multiple domains via DNS and HTTPS, along with a suspicious preinstall script. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1b13ae52dde0a4efddd6d12bc4795b77da5433cb750b4ddb852f1aca27ea457e The package pinstatsd w...
Malicious code in pinlogger (npm)
The package is a malware due to system info exfiltration via DNS/HTTPS to OAST domains and arbitrary code execution during preinstall. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5e78bb72f47ecca78511d87a17bea5f38fb4897dbc117433dfd7667cd97a51d0 The package...
MAL-2026-2653 Malicious code in pinlogger (npm)
The package is a malware due to system info exfiltration via DNS/HTTPS to OAST domains and arbitrary code execution during preinstall. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5e78bb72f47ecca78511d87a17bea5f38fb4897dbc117433dfd7667cd97a51d0 The package...
MAL-2026-2876 Malicious code in unisys-common (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2f0369680ea400c89b8ab01dfc75f7a7df45c8a26bfc5631a636770ccf32c9ed The package unisys-common was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-2877 Malicious code in unisys-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c759e3a9b4c256239f0ec3be5b97424efc8191d317d82feb632b84e77d6c46eb The package unisys-core was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-2875 Malicious code in unisys-auth (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 89bc257f69dca8cec54b15b47533c97f9b6b47f16aae5f2dc868ff7faaf0c93b The package unisys-auth was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in @b2b-portal/uch (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 89eb419e1f7beb102007973e2d226cb2cb5f534096cbc2be8dc538324f3f19db The package @b2b-portal/uch was found to contain malicious code. Source: ghsa-malware e559f0d2d934ad98bda8c11ca6613644ecf3f2584bee7e75c7edf59ecda35d3...