311911 matches found
RUSTSEC-2026-0027 `tracings` was removed from crates.io for malicious code
This is part of an ongoing campaign to attempt to typosquat crates in an attempt to exfiltrate Polymarket credentials. The malicious crate had 1 version published on 2026-02-26 approximately 9 hours before removal and had no evidence of actual usage. The only crate depending on this crate was the...
`tracing_checks` was removed from crates.io for transitively including malicious code
This is part of an ongoing campaign to attempt to typosquat crates in an attempt to exfiltrate Polymarket credentials. The malicious crate had 1 version published on 2026-02-26 approximately 9 hours before removal and had no evidence of actual usage, both in terms of downloads and dependents. It...
Malicious code in ts-packer (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bd7ed1f89788c69596bac0f4e3429cfadc252f8f2e7cc255616c6f63ad63d2eb The package ts-packer was found to contain malicious code. Source: ghsa-malware cf93507187d36aaad21ab48b27cbc91258ef6b442053c36ee60cc01adbe7e8b4 Any...
MAL-2026-1045 Malicious code in jest-node-paramset (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0195409dba352b70324fae3226921105e7658404675e2b9e8ab1e898c5bd84fa The package jest-node-paramset was found to contain malicious code. Source: ghsa-malware...
MAL-2026-1046 Malicious code in jest-param-validator (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 92f5050070ee0637ff34403bfa22fe7464561a421a99410e084c74e1bd023b08 The package jest-param-validator was found to contain malicious code. Source: ghsa-malware...
Malicious code in neural-compressor-jax (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 bb1f58a45ef1a06954d1807517faea8790a771906e95a98d571587558244ea3f Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in chai-lite-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 07f2fa37570e8cdb391a3cddfb304c274e9726e3803b150b309816e971577bec The package chai-lite-lib was found to contain malicious code. Source: ghsa-malware c9a6f02ff3187727ac481d692d98a5614c02e6ca28616d6a9d48e7505e63656e...
MAL-2026-1034 Malicious code in chai-lite-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 07f2fa37570e8cdb391a3cddfb304c274e9726e3803b150b309816e971577bec The package chai-lite-lib was found to contain malicious code. Source: ghsa-malware c9a6f02ff3187727ac481d692d98a5614c02e6ca28616d6a9d48e7505e63656e...
MAL-2026-1033 Malicious code in duer-js (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8a6a00caf26e2e34291c939e8d0351324c884ba9d9c5b74e5cb9c8d78177a999 The package duer-js was found to contain malicious code. Source: ghsa-malware e7255816711503f7b2f4febb10e3d2d8ef36d2e3067366ece224ad3816fbf03c Any...
Malicious code in react-svg-helper-fast (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 39fb02f7b438a7ec942c0fa38a79d9d1c8014a7747696a55445376fce8f8d721 The package react-svg-helper-fast was found to contain malicious code. Source: ghsa-malware...
Malicious code in chai-as-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 11787dc50e16838c5d9f467010f0aaef81b3e55e916c4dd5d3fc811375994e6c The package chai-as-utils was found to contain malicious code. Source: ghsa-malware eb4208b63fd6e66931d39f1a2cd30193e87a717ce9c3ab68e5fce787d0ffdc78...
MAL-2026-1030 Malicious code in chai-as-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 11787dc50e16838c5d9f467010f0aaef81b3e55e916c4dd5d3fc811375994e6c The package chai-as-utils was found to contain malicious code. Source: ghsa-malware eb4208b63fd6e66931d39f1a2cd30193e87a717ce9c3ab68e5fce787d0ffdc78...
Malicious code in sample-custom-component (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ade5f035c4d3f9fe74cfc0626c8ac011eeea6e88040376a03abee9cdf05290b7 The package sample-custom-component was found to contain malicious code. Source: ghsa-malware...
CVE-2026-27727 mchange-commons-java: Remote Code Execution via JNDI Reference Resolution
mchange-commons-java, a library that provides Java utilities, includes code that mirrors early implementations of JNDI functionality, including support for remote factoryClassLocation values, by which code can be downloaded and invoked within a running application. If an attacker can provoke an...
CVE-2026-27727
CVE-2026-27727 is confirmed in multiple IBM advisories as affecting the mchange-commons-java library used by IBM Maximo Monitor Component and related IBM products. The vulnerability stems from JNDI dereferencing code in mchange-commons-java, which can allow an attacker to cause download and execu...
Malicious code in @schedaero/react-core (npm)
Multiple suspicious behaviors: suspicious URL, data exfiltration, process termination, preinstall script, and few published versions. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f9a3637e4c85401af7944fe82cfd79a91d69797ef89cf50334fc3e5bf4fac0e6 The package...
Malicious code in @schedaero/yukon (npm)
Multiple evidences indicate malicious behavior: suspicious URL, data exfiltration, process exiting, and preinstall script execution. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b02868b7ba4a5e5bf754e692e348191e6974f2f707417f20f97b33f172cda4ca The package...
MAL-2026-1228 Malicious code in @schedaero/bacon (npm)
Multiple suspicious behaviors: preinstall script exfiltrates data to a suspicious URL, terminates process, and few versions. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e1f79d2ea06bc3905829524120560412e8e875463b5bddeb6bad3a343292c20c The package...
Malicious code in uxproject11 (npm)
Collects and exfiltrates sensitive system information to suspicious domains. Multiple YARA rules are triggered. High entropy file. Extension mismatch. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8b478ab519bbd87949cad8be7d77296e0eddd01aa0be1b4b168ed2f6a0f7413...
MAL-2026-1234 Malicious code in uxproject11 (npm)
Collects and exfiltrates sensitive system information to suspicious domains. Multiple YARA rules are triggered. High entropy file. Extension mismatch. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8b478ab519bbd87949cad8be7d77296e0eddd01aa0be1b4b168ed2f6a0f7413...