70 matches found
MAL-2026-4882 Malicious code in @cloudplatform-single-spa/administration (npm)
Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...
linux-malware-toolbox
Linux Malware Samples - Educational Repository ⚠️ IMPORTAN...
MAL-2026-1897 Malicious code in bigmathutils (PyPI)
--- -= Per source details. Do not edit below this line.=-...
Malicious Package
Overview 1231dai is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
Malicious code in elf-stats-merry-garland-548 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f5b0446bc7b428d52a072e60b18969e2e9b35f19d70d6a77bc8176e76dd14506 The package elf-stats-merry-garland-548 was found to contain malicious code. Source: ossf-package-analysis...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
MAL-2025-186248 Malicious code in commitlint-config-angular-forever-dotenv-parse-variables-google (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5e8eabd8ef0a60fb9207674e7219976cda9db0950935484582aa5086ac905614 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in lookingan-jaja36 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7d88a933083b04d9128842b63e016f88ca3a26f42c5d2da12273165bcd44f7cd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-161647 Malicious code in nabuf-otomabin-nojafggu (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 37e3e837edd4f9d9f66300c3a00e858fc4d909f5e19452b9f95c4f6317f7ad3d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-136023 Malicious code in ogi-tomat15-sluey (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f0720957d377866c7fa530a7c00531e09fe06cfb2e7f3435e63e159af8c60ac5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-135496 Malicious code in maximum_leopon_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 35028811d764b031afc616a1855f4618bc25da22cdc880ed3f366509f1258a15 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-109517 Malicious code in tasty_scorpion-apptea (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 58530a6a91bbd00348934818498b63619b22401f0c1337723e1e45072d2ab07b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-98135 Malicious code in maya-tempe50-pore (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2d41596311a7d4e5aa4f2e0b84ccc4af8b65d6bf5dd09fada5a07f5f19acbc19 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-84897 Malicious code in eka-nasiuduk81-riris (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 390ed255a4dbd8a4642bf1f11c9794ce0dbaa9b1205584bfa27f279e2849370b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-91069 Malicious code in tiara-lapis65-miaww (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d0fec5d2afd30ac7133dfc80ced5d21f50a4431466e668d2d454adfd6ac5de86 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in fajar-bakwan14-breki (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4f454dbfdef179e3846302fca4c56bc9eb2d5417edcced65e0a6d80b92348b34 The package fajar-bakwan14-breki was found to contain malicious code. This package appears to be part of the tea.xyz token reward campaign that flood...
Malicious Package
Overview advertising-charts is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...