MAL-2026-3752 Malicious code in cdp-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dbf55b093e3a93e8d3f536101e62e09cf7e86636cd42813d02f518138cbcb8ed The package ships cdpinject.js, which combines childprocess, fs, http/https, and base64 encoding to gather system information and exfiltrate it over...

Malicious code in sol-batch-transfer-sdk (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 dab4fb850a1ce0b83f1e7f74ce0281ca8309031037355f9a247dbd0a715eab4d The code silently adds a hardcoded address to the list of transfer recipients. --- Category: MALICIOUS - The campaign has clearly malicious intent, like...

MAL-2026-3771 Malicious code in request-logger-canary (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cf0d566d7abb400988aea74b00099a6db4c5ea928f32e7d44648193e21a36035 [email protected] ships a preinstall.js that, when npm install runs, opens a TCP socket to 52.74.242.200:8851 and pipes an interactive...

MAL-2026-3767 Malicious code in node-ci-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1593e77b5e2763e7ace49c239accedfe30209faea11bc07cf3901a7253798444 On require'node-ci-utils', index.js runs a top-level init that, on Linux, creates a hidden directory /.local/share/.nodecache/, downloads an opaque...

MAL-2026-3760 Malicious code in ethers-abstract-signer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e17d355d974f842bc8db3219ce3f1dc6e643f2a5e1ba8dd0b38a404a8f96e9a8 On npm install, the package's postinstall hook spawns a Node one-liner that uses childprocess.exec to curl/wget...

Malicious code in cache-poisoning-pwn-demo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dacd21af4f62dd3183bfc4126d1cbcf18600a1c72301b7ae8ca401ec7e44f94e The package's postinstall hook node -e "try require'./dist/postinstall.js'; catche " loads dist/postinstall.js, which bundles a poisoned is-number...

Malicious code in pyexecutorsme (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 326ad16be9056f6cbd75fa4f9a47dec8c3613b56aa53d3e5d439efeef7c6fcad Package attempts to download and execute a script acting as remote access trojan. --- Category: MALICIOUS - The campaign has clearly malicious intent, like...

MAL-2026-3744 Malicious code in node-ipc (npm)

Three versions of node-ipc 9.1.6, 9.2.3, 12.0.1 were published to npm on May 14, 2026 by a compromised maintainer account atiertant. Each version contains an identical 80KB obfuscated payload appended to node-ipc.cjs that steals over 100 categories of sensitive files SSH keys, cloud provider...

Malicious code in mrgn-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9e0d991ca84319ea7151b66ece28c7cfe860d1523b6926f63a60d13d7b96dded Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in mrgn-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 60e708a2cb4de33f208a93fda6aa96871b522adaa504f529cd1424a802b76b83 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in marginfi-client-v2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6239cecf8f2a6600aa98aeec2042d29928f02416181a88f31a251b0448327fc1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in deltaprime-primeloans (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware de6dc7446f54374a89a45ea8f749647c8adc0aaf24720bd32ccfdb07e5b48042 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in sol-coverage (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d6ac3d8c51b3f87a97b7b9724145b73d894fc4027da14122aea3eb6d51bfb671 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-3729 Malicious code in marginfi-client-v2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6239cecf8f2a6600aa98aeec2042d29928f02416181a88f31a251b0448327fc1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-3734 Malicious code in sol-coverage (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d6ac3d8c51b3f87a97b7b9724145b73d894fc4027da14122aea3eb6d51bfb671 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-3733 Malicious code in mrgn-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 60e708a2cb4de33f208a93fda6aa96871b522adaa504f529cd1424a802b76b83 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-3732 Malicious code in mrgn-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9e0d991ca84319ea7151b66ece28c7cfe860d1523b6926f63a60d13d7b96dded Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-3730 Malicious code in marginfi-v2-ui-state (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e11ff4ff1afbd9d61e37dd14e75ed54936d435bfc765683e33f8b24976290db7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-3736 Malicious code in solidity-linter (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bc1e53cd2c5e0f2cd7874aca89da54334315bfff4129c14965247a454a835c7a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-3731 Malicious code in mrgn-common (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 16fe2927853a543269a7eb66273bfea477dd040bc2e90f40d9b3642e9d138f5d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...