Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...
Malicious code in lockedin-chai-chain (npm)
lockedin-chai-chain is a malicious npm package that, when imported, downloads a C2 dropper from https://jsonkeeper.com/b/FAWPU and executes it, similar to the malware in chai-await-test. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...
Embedded Malicious Code
Overview @zapier/spectral-api-ruleset is a Node package for linting API schemas using Spectral. Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from th...
MAL-2025-155938 Malicious code in ican-poke58 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d03b7f0c39d022c534e82100ce1c0e6d232b14f3c85e95fe820f126187f5e9c5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in slamet-poke88 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 050f97caccdef9cb5a91c366caa01b4d4fdfd544275e1140c0c9d0eaa05e2c0a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-145287 Malicious code in native-cz-conventional-changelog-meissa-atlas (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bac21f13b4b7614fa1c9af0606fd1809d609ba57b1a9f0340f11c23f245f30b9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in lina-martabak41-sluey (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c059288f1700ee71cfb038852e65966c05f8c9bc12e1499bdde795abe5afee47 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-89120 Malicious code in ogi-sambalado82-riris (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 73d25ee7bc8295d74b6ecf46607a4074419eab5ab4443e6aaf5ae994d9911aea This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in wati-semur25-sukiwir (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cea6c170883b21f80bc924dbf52f09093c99cb29c8ea31865c35c8e37685b775 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-69176 Malicious code in liquid-gray-booby (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 01d834d91667d7e0be6a27fc68abdee1ce8dd540758dbe13576e46d15f96892c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-71680 Malicious code in xenophobic-silver-sole (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 55c3145cd9591902dee3b98fa1287ade3818c70d9c9eae9576c4a500ba9d569c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in usual_roundworm_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 58d4ff817d78a04175775fc90295c101f7765f56f664dcc1e484adc2532f87ec This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in mute_wolf_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e9ff1ee9ae5629b987836126652938e30ddfcb68eb154bf7dfe3ad5c43baca48 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
This ‘Privacy Browser’ Has Dangerous Hidden Features
The Universe Browser is believed to have been downloaded millions of times. But researchers say it behaves like malware and has links to Asia’s booming cybercrime and illegal gambling networks...
Malicious code in libvirt-python (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c2071f9220268a6478afd2c0c3f551190b1ac0eec255abc1d5e1dbc35744e5e0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-47215 Malicious code in @crowdstrike/falcon-shoelace (npm)
postinstall script executes bundle.js. bundle.js triggers unsignedbitwisemathexcess YARA rule. Suspicious behavior indicates malware. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 035c35169c1f3c6c939e3237ce0bb606645b05601db61892b5d54cbeea095b57 Any computer that h...
Malicious code in authnd-client (RubyGems)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 9da591ec2002916d80cd089745cfa963d18744916bf5db914f1fc0b14e117a5e The OpenSSF Package Analysis project identified 'authnd-client' @ 99.99.99 rubygems as malicious. It is considered malicious because: - The...
Gafgyt Malware Broadens Its Scope in Recent Attacks
Our researchers identified threat actors exploiting misconfigured Docker servers to spread the Gafgyt malware. This threat traditionally targets IoT devices; this new tactic signals a change in its behavior...
From Alert to Action: How to Speed Up Your SOC Investigations
Processing alerts quickly and efficiently is the cornerstone of a Security Operations Center (SOC) professional's role. Threat intelligence platforms can significantly enhance their ability to do so. Let's find out what these platforms are and how they can empower analysts. The Challenge: Alert...
Threat Roundup for November 3 to November 10
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Nov. 3 and Nov. 10. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...