Malicious code in ether-bn.js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4cc5567869e3d616af151887f680ef13bf23f8a19fe5978343254b921c1c7c73 Package name 'ether-bn.js' resembles the widely-used 'bn.js' big-number library, and the README directs users to install yet another name...

Malicious code in warp-contracts-plugin-deploy-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ac3a02c9f004d72f8975e0e93fb0810818b509cf295cf9a567c882afaf9a7444 Package name warp-contracts-plugin-deploy-test mimics the legitimate warp-contracts-plugin-deploy and copies its public API surface lib/cjs/index.js...

Malicious code in jsontoken-extend (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 59a8a8ab722d33bdd2ea25422aaf7e607a1b1a881446c3561ec8225fb9187742 On require/import of jsontoken-extend, sign.js executes a top-level IIFE that base64-decodes a hardcoded string to https://www.jsonkeeper.com/b/XAMRK...

MAL-2026-4592 Malicious code in jsontoken-extend (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 59a8a8ab722d33bdd2ea25422aaf7e607a1b1a881446c3561ec8225fb9187742 On require/import of jsontoken-extend, sign.js executes a top-level IIFE that base64-decodes a hardcoded string to https://www.jsonkeeper.com/b/XAMRK...

Malicious code in web-dotenv (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector edd19476eeb1c31707abe6fac6f52dbd1950a0dc25f4854ea5269d6400f8ea37 web-dotenv impersonates the widely-used dotenv package: its package.json copies dotenv's repository git://github.com/motdotla/dotenv.git and homepage...

Malicious code in license-checker-plus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 66ac93280c5fc72f65d15486a69369e4d2c2b289fa6f062a6643b63137fc6aa9 Package name mimics the widely-used license-checker while shipping an undocumented lib/compliance.js module that harvests credentials. The module sca...

Malicious code in midcorp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bc6725ed066ed5aff9452bd82d278fd89c1548768124d8b89cb8e5a5e8c3b05a The package masquerades as a pino-compatible logger package.json keywords fast/logger/stream/json, exports module.exports.pino = middleware, lib...

Malicious code in cb-wallet-http (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e8d704c0a6a48da0e2fef8eddcd1f98e7d380c3e19f22753f3df51d9893f60ce Package name mimics Coinbase's internal cb-wallet- namespace to capture dependency-confusion resolutions. On npm install postinstall.js and on...

Malicious code in polymarket-clob-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7e0a3a7bbeb25fb478d59cdd4b62ebb34c13e8e236505813660e81abf61e74ec The package is published as polymarket-clob-client, an unscoped lookalike of the legitimate @polymarket/clob-client maintained by Polymarket, but the...

Malicious code in pycalendar-api (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bda873c38a1eee9ecea320371b0473466144f2bd41bc778dff8510cb5dcf4b5f pyproject.toml line 8 declares httpxyz as a runtime dependency dependencies = 'httpxyz',..., and pycalendarapi/utils/httpclient.py imports httpxyz an...

MAL-2026-4764 Malicious code in pycalendar-api (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bda873c38a1eee9ecea320371b0473466144f2bd41bc778dff8510cb5dcf4b5f pyproject.toml line 8 declares httpxyz as a runtime dependency dependencies = 'httpxyz',..., and pycalendarapi/utils/httpclient.py imports httpxyz an...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001636)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001636 advisory. It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001121)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001121 advisory. A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alte...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003233)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003233 advisory. It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002997)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002997 advisory. A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alte...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002778)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002778 advisory. It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster...

SimpleX Chat X Account Hacked, Fake Site Promotes Crypto Wallet Scam

SimpleX Chat’s X account hacked to promote fake crypto site urging users to connect wallets. Site mimicked official design to steal funds...

Hackers Exploit WordPress Sites to Power Next-Gen ClickFix Phishing Attacks

Cybersecurity researchers are calling attention to a nefarious campaign targeting WordPress sites to make malicious JavaScript injections that are designed to redirect users to sketchy sites. "Site visitors get injected content that was drive-by malware like fake Cloudflare verification," Sucuri...

Malicious code in bloxypy (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ca1bb0aab09d6ef59ee1ff8485c8c2a6b565c1311246ed61d63c9757bd44ecdc Attempting to use the module starts obfuscated code containing an infostealer --- Category: MALICIOUS - The campaign has clearly malicious intent, like...

Malicious code in @malware-test-pinta-jiber-mimic-ahoys/test-mlw3-pinta-jiber-mimic-ahoys (npm)

The package @malware-test-pinta-jiber-mimic-ahoys/test-mlw3-pinta-jiber-mimic-ahoys was found to contain malicious code...