311901 matches found

OSV
added 2026/03/16 12:0 a.m., 2 views

MAL-2026-1569 Malicious code in transform-json-strings (npm)

The package 'transform-json-strings' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency (RDD) technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

5.6 AI score
Exploits 0, References 3

OSV
added 2026/03/16 12:0 a.m., 4 views

MAL-2026-1548 Malicious code in syntax-class-constructor-call (npm)

The package 'syntax-class-constructor-call' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency (RDD) technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

5.6 AI score
Exploits 0, References 3

OSV
added 2026/03/16 12:0 a.m., 3 views

MAL-2026-1567 Malicious code in transform-function-bind (npm)

The package 'transform-function-bind' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency (RDD) technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

5.6 AI score
Exploits 0, References 3

OSV
added 2026/03/16 12:0 a.m., 1 view

MAL-2026-1565 Malicious code in transform-export-extensions (npm)

The package 'transform-export-extensions' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency (RDD) technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

5.6 AI score
Exploits 0, References 3

OSV
added 2026/03/16 12:0 a.m., 5 views

MAL-2026-1523 Malicious code in monorepo-cop (npm)

The package 'monorepo-cop' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency (RDD) technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server npm.jpartifacts.com...

5.6 AI score
Exploits 0, References 3

OSV
added 2026/03/16 12:0 a.m., 5 views

MAL-2026-1551 Malicious code in syntax-function-bind (npm)

The package 'syntax-function-bind' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency (RDD) technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

5.6 AI score
Exploits 0, References 3

OSV
added 2026/03/16 12:0 a.m., 4 views

MAL-2026-1533 Malicious code in todo-plz (npm)

The package 'todo-plz' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency (RDD) technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server npm.jpartifacts.com...

5.6 AI score
Exploits 0, References 3

OSV
added 2026/03/16 12:0 a.m., 5 views

MAL-2026-1532 Malicious code in syntax-exponentiation-operator (npm)

The package 'syntax-exponentiation-operator' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency (RDD) technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

5.6 AI score
Exploits 0, References 3

OSV
added 2026/03/16 12:0 a.m., 4 views

MAL-2026-1511 Malicious code in transform-undefined-to-void (npm)

The package 'transform-undefined-to-void' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency (RDD) technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

5.6 AI score
Exploits 0, References 3

Snyk
added 2026/03/15 11:0 p.m., 5 views

Embedded Malicious Code

Overview: react-native-country-select is a 🌍 React Native country picker with flags, search, TypeScript, i18n, and offline support. Lightweight, customizable, and designed with a modern UI. Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this...

9.8 CVSS, 5.8 AI score
Exploits 0, References 2

Snyk
added 2026/03/15 11:0 p.m., 4 views

Embedded Malicious Code

Overview: react-native-international-phone-number is an International mobile phone input component with mask for React Native. Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised and a malicious version was released on...

9.8 CVSS, 5.7 AI score
Exploits 0, References 2

OSV
added 2026/03/15 5:2 p.m., 4 views

MAL-2026-1437 Malicious code in flowpeek (PyPI)

Source: kam193 (e79fec156ab781e041d49cebd6082ee113ef98ce53945dc1a949a3a8e96fa734). During import, the code starts the embedded executable. This executable is an information stealer extracting sensitive data to a Discord channel. --- Category:...

6 AI score
Exploits 0, References 3

OSSF Malicious Packages
added 2026/03/15 9:36 a.m., 6 views

Malicious code in kvstore-pb2-grpc (PyPI)

Source: kam193 (7208dedf651be9d1e330692ef042b89e5bcae7e8aeee7f2ab400d49e7a574de8). During import, package decrypts and runs a malicious executable. The executable is hidden in an encoded and XORed form in the JSON resource file. This is a...

5.8 AI score
Exploits 0, References 2

OSV
added 2026/03/15 9:36 a.m., 4 views

MAL-2026-1433 Malicious code in kvstore-pb2-grpc (PyPI)

Source: kam193 (7208dedf651be9d1e330692ef042b89e5bcae7e8aeee7f2ab400d49e7a574de8). During import, package decrypts and runs a malicious executable. The executable is hidden in an encoded and XORed form in the JSON resource file. This is a...

5.8 AI score
Exploits 0, References 2

OSSF Malicious Packages
added 2026/03/15 9:34 a.m., 5 views

Malicious code in python-anchor (PyPI)

Source: kam193 (914b16cbc506c57a77eeed5ae14955bcf3b58fa49da92c2686b56a1d531c5268). During import, package decrypts and runs a malicious executable. The executable is hidden in an encoded and XORed form in the JSON resource file. This is a...

5.8 AI score
Exploits 0, References 2

OSSF Malicious Packages
added 2026/03/15 9:33 a.m., 3 views

Malicious code in my-super-lib (PyPI)

Source: kam193 (58a8ef40f042f56d80d455abeb03442516dfd8ed81f462d9da071089ff82f31e). During import, package decrypts and runs a malicious executable. The executable is hidden in an encoded and XORed form in the JSON resource file. This is a...

5.8 AI score
Exploits 0, References 2

OSV
added 2026/03/15 9:29 a.m., 3 views

MAL-2026-1431 Malicious code in ariadne-federation (PyPI)

Source: kam193 (3eb5492b220fedd5fedb29045328e749d659aea6e38ed743f7aace2d623d07d2). During import, package decrypts and runs a malicious executable. The executable is hidden in an encoded and XORed form in the JSON resource file. This is a...

5.8 AI score
Exploits 0, References 2

OSV
added 2026/03/15 5:45 a.m., 2 views

MAL-2026-1429 Malicious code in @3stripes/ui (npm)

Source: amazon-inspector (3319f763eb66b1fadca0f6bc56787fa08c4ef40209f072ba65dd6cdb628bf66c). The package @3stripes/ui was found to contain malicious code. Source: ossf-package-analysis...

5.8 AI score
Exploits 0

OSV
added 2026/03/15 5:45 a.m., 2 views

MAL-2026-1428 Malicious code in @3stripes/lib (npm)

Source: amazon-inspector (2cefc88878b1d12a39232d39387d16e564c71a9ce50047e025e7f26f848d4858). The package @3stripes/lib was found to contain malicious code. Source: ossf-package-analysis...

5.8 AI score
Exploits 0

OSV
added 2026/03/15 1:58 a.m., 1 view

MAL-2026-1454 Malicious code in n8n-nodes-text-helpers (npm)

Source: amazon-inspector (3d9e6f076079fc1e5969f32f2e96bf4ee653d57d47b342f378cc857e678051df). The package n8n-nodes-text-helpers was found to contain malicious code. Source: ghsa-malware...

5.8 AI score
Exploits 0, References 1