4197 matches found
MAL-2026-5158 Malicious code in page-info-service (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis d4a2106922e9e3851658667cacaa2c2818cdb56cd0c4df6778c0cb7fbed2338e The OpenSSF Package Analysis project identified 'page-info-service' @ 99.9.1 npm as malicious. It is considered malicious because: - The package...
Malicious code in po-ops-local-dev (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis ed7a024c524e1a4bc29e2670d7dc00e5aa4c6891650c3c6bf38a2f388f4a3cb9 The OpenSSF Package Analysis project identified 'po-ops-local-dev' @ 99.9.1 npm as malicious. It is considered malicious because: - The package...
Windows BITS Jobs Persistence Scanner
This is a Windows BITS Job auditing tool that scans all Background Intelligent Transfer Service BITS tasks using bitsadmin, then analyzes them for suspicious behavior such as executable downloads, command execution cmd.exe, powershell, and remote URLs. It classifies jobs as normal or suspicious a...
Malicious code in cms-storehub (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dda5fa0b4771a3299568c8dd8d17d5663d9c8ae782b8c71f4a2baf0ce1f8e5ee Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in sorenson-webfonts (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis ebdc541a49aeb340c75d6a96abee6465496dc22a04e82be2f03b85b2be1c3881 The OpenSSF Package Analysis project identified 'sorenson-webfonts' @ 99.9.1 npm as malicious. It is considered malicious because: - The package...
Malicious code in nemo-reporter (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 42a43ec0a345170ad191fa1c25bdd4000595aa8ce733c6b9c69de6b65a1defb2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-4836 Malicious code in nemo-reporter (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 42a43ec0a345170ad191fa1c25bdd4000595aa8ce733c6b9c69de6b65a1defb2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-4901 Malicious code in @cloudplatform-single-spa/cp-api-gw (npm)
Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...
MAL-2026-4826 Malicious code in wm-mapper (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis d3ca8c31fe1e2448adc737f90ef9278202575bc77d3a4a5206e62920219e54a0 The OpenSSF Package Analysis project identified 'wm-mapper' @ 99.9.1 npm as malicious. It is considered malicious because: - The package...
MAL-2026-4352 Malicious code in xarc-webpack-cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b29d869051afe04db57e24dad1092c70992f83465d60989f5120e17d7fa20310 The package ships a preinstall hook node poc.js || true that runs on every npm install. poc.js collects host fingerprint data hostname, username,...
Malicious code in xarc-webpack-cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b29d869051afe04db57e24dad1092c70992f83465d60989f5120e17d7fa20310 The package ships a preinstall hook node poc.js || true that runs on every npm install. poc.js collects host fingerprint data hostname, username,...
MAL-2026-4271 Malicious code in data-pipeline-check (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 37ca0e77c4eda50057aa04c615897f067ee866d02fc1e2fe65cdbb263d3081e8 On import pipelinecheck, the package spawns a daemon thread that, after a random 3-15 second delay, walks /.ssh, /.aws, /.ethereum, /.config, /.docke...
MAL-2026-4268 Malicious code in asavie-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bf12a913426dee622d500474fe3629c5bb3246e1793e3f210916885c6d0481a9 callback.js collects host identity information os.hostname, os.userInfo and transmits it via https.get to an external endpoint at install/load time...
MAL-2026-4259 Malicious code in cryptowallet-safety (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 276a350e78e2602882e107586e33d617b3e392e3943c120d99d4213963d7fd9d On import cryptowalletsafety, the top-level init.py lines 13-21 shells out to curl -sL...
Malicious code in reactive-cdk-app (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 84d7572f96294e867b18a0448ac0e70af3d08769749aa73388b38d88492559e4 package.json declares preinstall: node index.js, so installation automatically executes index.js. The script reads /etc/passwd via fs.readFileSync,...
Malicious code in @shinzepelly/libsignal-node (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 957954ced5e6fb2e8ab6a666adf496ca2edc7575a4e202b593d6698b5d89809f Package impersonates the legitimate libsignal-node library description copied verbatim: "Open Whisper Systems' libsignal for Node.js" under an...
MAL-2026-4172 Malicious code in @piewasm/pie-web-npm-package (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis c0784e4ad568cf85bee3ae36dde67ba090887b3f18f501a518cb24911fb7be29 The OpenSSF Package Analysis project identified '@piewasm/pie-web-npm-package' @ 99.9.1 npm as malicious. It is considered malicious because: -...
Malicious code in identitysecuretokenserv (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2704e731d0b82aa5927cf3713f741111b03fe8efb2d886cb0ef472a24705c5e3 The package identitysecuretokenserv was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-3856 Malicious code in @antv/calendar-heatmap (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in @citi-icg-158830/icgds-react-css (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6255b5d27ddf97d5093328983d54e39a05ce73176cdc472aa2df8499fa506f1e The package @citi-icg-158830/icgds-react-css was found to contain malicious code. Source: ghsa-malware...