Malicious code in motion-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f13ebafd858996faf32f6987cd969b933bf5c31c7ac329cf55f160bb6bbf6007 This package masquerades as the pino logger README copied from pino, exports module.exports.pino = middleware but its middleware does no logging. Whe...

MAL-2026-4591 Malicious code in jsonbson (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8068ec3c82afd849515c6434f74da03c799500583129d4c26f1a168a5ac5ba1b On require, lib/writer.js loaded via main=pino.js collects a full snapshot of process.env, OS platform, hostname, username, and external MAC addresse...

Malicious code in aiolrucache (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 8b847ab6789b3a3848d887f76adae74d05523dd4cb1a974372518679d27ed70e The package masquerades as a utility, but during import, code loads obfuscated modules with RAT- and spyware-like functionality, including: exfiltrating files,...

MAL-2026-2020 Malicious code in aiolrucache (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 8b847ab6789b3a3848d887f76adae74d05523dd4cb1a974372518679d27ed70e The package masquerades as a utility, but during import, code loads obfuscated modules with RAT- and spyware-like functionality, including: exfiltrating files,...

Malicious Package

Overview t32d is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package appears to be part of a larger campaign targeting user credentials. It, and several other variations, masquerade as automation tools for social...

CVE-2023-21358

In UWB Google, there is a possible way for a malicious app to masquerade as system app com.android.uwb.resources due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...