729 matches found
MAL-2026-2227 Malicious code in validator-lut-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3c9f447a3c02a6c7ea716862009fcf6853c8d52e05144fa78746cbdbfe3ef000 The package validator-lut-sdk was found to contain malicious code. Source: ghsa-malware...
MAL-2026-2222 Malicious code in chain-coremesh (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 53c78d25a9b5c960f74dda3653e6f237df054e60b0234511fa4e9fe3d650a00f The package chain-coremesh was found to contain malicious code. Source: ghsa-malware 7c22f3e9c994c2b163ca8dc9cfdd501768a8ed0163ccc7c9fde8160ace616303...
MAL-2026-2169 Malicious code in console-loggers (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8a453dd193f8ddd250ba6ade5c711f845eced766f664cb75f7969f064a94b86f The package console-loggers was found to contain malicious code. Source: ghsa-malware 4172c3551666d2ed6e2691429d3929465e9f862f0967ff39fcad41faf23fb20...
MAL-2026-2153 Malicious code in @xvortexsockets/baileys (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e6fe781d4e79519992d2b0f37577515da41d7e0deb2f9f32df7c39dfb8de3916 The package @xvortexsockets/baileys was found to contain malicious code. Source: ghsa-malware...
MAL-2026-2131 Malicious code in nemo-fpti (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d59bda0a25d9b656075c91322ff0c7a8463b743465176a358265f7fb35710b98 The package nemo-fpti was found to contain malicious code. Source: ghsa-malware 7e5357f25ae0271690f061e93dc85be49cf6ebe3ccd0d09110524b0fcbb30ee3 Any...
Malicious code in in-app-marketing (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d475c46e8eda7ca153485336dce8c0b7d3bf8e3ea31a871232bc815438bc140c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @emilgroup/partner-sdk-node (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 021998bae85c5300a2c6e776ee80893de174f4216d701951b4742fd3eff21d85 The package @emilgroup/partner-sdk-node was found to contain malicious code. Source: ghsa-malware...
MAL-2026-2041 Malicious code in @emilgroup/claim-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a86e7c53acc9840bac58a8ff7aca0a0d40a03ab2a8ac73dd55d0314373528800 The package @emilgroup/claim-sdk was found to contain malicious code. Source: ghsa-malware...
Malicious code in fadlsjf (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7851237c54cc21d98214fdd4c10550fb6665672f78c6f685de666e25f116c54f The package fadlsjf was found to contain malicious code. Source: ghsa-malware 84c2aa35dc6cdbc9581e9c90d31fc8048bf73c56102725c533f82882b2aa3422 Any...
Malicious code in @aifabrix/miso-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7ddcc2128fa9a68b4ccf29899647a346301d90cb84cb45c30863872c44e2b3ae The package @aifabrix/miso-client was found to contain malicious code. Source: ghsa-malware...
MAL-2026-1493 Malicious code in pino-logger-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d5c908d1d5a0d2a6a517ef1aa6e7ab5b7ddc8644dc39730c2629f0226a69121a The package pino-logger-utils was found to contain malicious code. Source: ghsa-malware...
Malicious code in minify-replace (npm)
The package 'minify-replace' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server npm.jpartifacts.co...
MAL-2026-1512 Malicious code in undeclared-variables-check (npm)
The package 'undeclared-variables-check' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
Malicious code in peer-deps-external (npm)
The package 'peer-deps-external' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
MAL-2026-1567 Malicious code in transform-function-bind (npm)
The package 'transform-function-bind' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
Malicious code in pulsard-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5088b269cb089b9b077cf5a13f9b00cbb8d01375276ce1e2f1c99fc7154a46be The package pulsard-utils was found to contain malicious code. Source: ghsa-malware ff1030d82dfca7d7403806e0bd8ba645d25cddd141cb5480664a6555f2d441d7...
MAL-2026-1379 Malicious code in 8x8-developer-docs (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 830ce990639483b2f7a9ea4e000d63c831e0d58c94e718a1a20add6885cb93ef The package 8x8-developer-docs was found to contain malicious code. Source: ghsa-malware...
MAL-2026-1372 Malicious code in @sky-it-livedata-libraries/livedata-commons (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 20bdbc3cff45e6eac27e84e332d4efa6ad06a4d593b15610a99115bac25d2931 The package @sky-it-livedata-libraries/livedata-commons was found to contain malicious code. Source: ghsa-malware...
Malicious code in unibody (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 62433a668da6675dffc03d0b406316c3a612058aed5063d864c1f6a78d94e937 The package unibody was found to contain malicious code. Source: ghsa-malware d5083ea858a18dda094f7d171b57730132d8348f914ae8b2895725447d8f13f0 Any...
MAL-2026-1329 Malicious code in google-camelcase (npm)
The package 'google-camelcase' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...