MAL-2026-3725 Malicious code in deltaprime-primeloans (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware de6dc7446f54374a89a45ea8f749647c8adc0aaf24720bd32ccfdb07e5b48042 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in hardhat-core-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1b62021752710dce40c5fa0491b2c8e75454d25ee7e80bd15e3b5a99ace923ed Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in evm-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6a7489773ccf098f6a3fd266658caa0ef6b48978619a9786e69b43db94758c7e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-3726 Malicious code in evm-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6a7489773ccf098f6a3fd266658caa0ef6b48978619a9786e69b43db94758c7e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-3728 Malicious code in hardhat-core-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1b62021752710dce40c5fa0491b2c8e75454d25ee7e80bd15e3b5a99ace923ed Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-3740 Malicious code in web3-utils-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8a5f9a8e5a9dede9c1427e0e8d5c0d8db66d3edbf33e75da9e7cd205b31a1ce3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-3735 Malicious code in solidity-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 12e7b93d8eb164aafa0ae5488f7f7ceff21ceedac5f762e6c2618e85854df65e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in viem-utils-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f3d1feda8a13ce43d926de9052753f882f9f51f8afa6572c92bb4a5d3ca9412e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in foundry-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 650bf2f76e5aa2fc3b175c4b582ce3c3ee8b9ac6fe433ed925f6e521c619c60b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-3737 Malicious code in viem-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1b4fdfd2feb3635d346056076f2597928654f198a02ff13ff1a4c5725b823456 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-3739 Malicious code in viem-utils-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f3d1feda8a13ce43d926de9052753f882f9f51f8afa6572c92bb4a5d3ca9412e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2026-42159

Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, Flowsint allows a user to create investigations, which are used to manage sketches and analyses. Sketches have controllable graphs, which are comprised...

MAL-2026-3724 Malicious code in @convera/ui-shared (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3fa0960816c1204042cecc61c5337e5db2c1407f5325cfc2ed26e43b5dc054d0 On npm install, the package's preinstall.js collects os.hostname and os.userInfo.username and sends them as query parameters /?hn=&un= via...

Malicious code in @convera/ui-shared (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3fa0960816c1204042cecc61c5337e5db2c1407f5325cfc2ed26e43b5dc054d0 On npm install, the package's preinstall.js collects os.hostname and os.userInfo.username and sends them as query parameters /?hn=&un= via...

Malicious code in async-http-tools (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 85e8a68bad6595a817f1dabed757662e2a04cfec7b45a86d9bfd61a7a78d14d1 During installation, package exfiltrates some basic info to a GitHub issue comment, and then attempt to set up a persistent infostealer focused on exfiltrating...

Malicious code in web3-helpers (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 8d6102ae402b2583a01da47e71f41cccba99fb7826dcf360004d8924557e1760 During installation, package exfiltrates some basic info to a GitHub issue comment, and then attempt to set up a persistent infostealer focused on exfiltrating...

MAL-2026-3664 Malicious code in workingitmehelpit (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3e553fe0eea72dc43eab2696330acd6fbb3e4de8c95529eab6298411620c0c9f Package installs malware identified as a backdoor or reverse shell. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers...

Malicious code in pandas-data (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 34c3e3d51b95102fd72f00c2b6c4bce7e34a801326dfbe7557f2d4346ed37508 Package installs persistent malware acting as Rat, with the focus of stealing data and modifying copied cryptowallet addresses. --- Category: MALICIOUS - The...

MAL-2026-3656 Malicious code in buffer-export (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 44f072eff9ef90a204331ae1a03c5c4296929dbf88a05fff1a529e397548421a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in buffer-export (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 44f072eff9ef90a204331ae1a03c5c4296929dbf88a05fff1a529e397548421a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...