3 matches found
Malicious code in @injectivelabs/sdk-ts (npm)
@injectivelabs/[email protected] published 2026-07-08 20:59 UTC contains a wallet-credential stealer disguised as "key derivation telemetry". A file packages/sdk-ts/src/utils/key-derivation-telemetry.ts plus a hook added to packages/sdk-ts/src/core/accounts/PrivateKey.ts capture wallet secrets durin...
MAL-2026-10165 Malicious code in @injectivelabs/sdk-ts (npm)
@injectivelabs/[email protected] published 2026-07-08 20:59 UTC contains a wallet-credential stealer disguised as "key derivation telemetry". A file packages/sdk-ts/src/utils/key-derivation-telemetry.ts plus a hook added to packages/sdk-ts/src/core/accounts/PrivateKey.ts capture wallet secrets durin...
ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories
Thursday. Another week, another batch of things that probably should've been caught sooner but weren't. This one's got some range — old vulnerabilities getting new life, a few "why was that even possible" moments, attackers leaning on platforms and tools you'd normally trust without thinking twic...