15 matches found
MAL-2025-192752 Malicious code in @google_recaptcha/js (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bd0346120a6f0d866aebe59ca9ae06c02e28849fc3840a412edcc81a2ab54ded The package @googlerecaptcha/js was found to contain malicious code. Source: ghsa-malware...
MAL-2025-49718 Malicious code in yuni-saguer85-miaww (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fd01b1fbaa0f030dd44d35ce1baf8fb305cca6cfb02f47366556faea33718cae This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-47480 Malicious code in dowload_ebok_see_how_they_lie_by_sue_wallman_7f3za (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7fa49dec8d439a9b9749b02cc494c69fbc1a39a7aa95be72aff02ef85608c978 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Widespread npm Supply Chain Attack: Breaking Down Impact & Scope Across Debug, Chalk, and Beyond
A deeper look at the npm debug/chalk supply-chain incident: deobfuscating the wallet-hijacking browser interceptor, quantifying the 2-hour exposure with Wiz telemetry 99% package prevalence, 10% malware presence, and unpacking what made it spread so fast...
Malicious code in test-mlw2-joust-targe (npm)
The package test-mlw2-joust-targe was found to contain malicious code...
MAL-2025-18008 Malicious code in datastores_best_practices (npm)
The package datastoresbestpractices was found to contain malicious code...
MAL-2025-26527 Malicious code in mlibre (npm)
The package mlibre was found to contain malicious code...
MAL-2025-29228 Malicious code in pickmeo-test1 (npm)
The package pickmeo-test1 was found to contain malicious code...
MAL-2025-18175 Malicious code in deep-thought-relay-client (npm)
The package deep-thought-relay-client was found to contain malicious code...
Security flaws found in tiny phones promoted to children
TL;DR Three mini smartphones promoted to children were analysed Those devices are heavily promoted on TikTok All had outdated operating systems All could be rooted without wiping the phone, allowing data to be compromised with physical access One had malware artefacts pre-installed One had an...
MAL-2022-971 Malicious code in amll (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7776332e118bee2ea3709d76f0d17765c43c203bf54e6d901a009a8712cf7a92 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in acorn-visualforce (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 66eaf5c95398990d08264a2459a3972ec3018d13b285cce760509a2517f1d28d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in creative-screenshots (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bb6d9b1b76145804dd4aa010a7af7cb9a7262875d76098a165e5832f79dab014 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious Package in conistring
All versions of this package contained malware. The package was designed to find and exfiltrate cryptocurrency wallets. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated...
GHSA-PC7Q-C837-3WJQ Malicious Package in wallet-address-validtaor
All versions of this package contained malware. The package was designed to find and exfiltrate cryptocurrency wallets. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated...