3 matches found
MAL-2025-96614 Malicious code in sleepy_termite_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6900d0c4bf03b080fcc599d216e40d450f1eb31e3982eb598132a923df01b405 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious Package Injection
DuckDB is vulnerable to malicious package injection. The vulnerability is due to unauthorized access and compromise of the npm package publishing process, which allowed an attacker to upload malicious versions of DuckDB’s Node.js packages containing code that interfered with cryptocurrency...
EUVD-2021-11021
Malware in sbrugna...