234857 matches found
MAL-2026-1356 Malicious code in b2b-common-cb-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a0699be4242e2a015c76aad1b5ee1f2482f01a59017778511108ed33b8729a8e The package b2b-common-cb-lib was found to contain malicious code. Source: ghsa-malware...
Malicious Package
Overview svg-safety-tool is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in restrict-imports (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f82360676317e6d9c2b69a82034af73f2008890871348fb45bc5b966f6aca03c The package restrict-imports was found to contain malicious code. Source: ghsa-malware e153e68a84a468be42de7a7c49af2d4e73778f4462d854be60a6e8baf03105...
MAL-2026-1348 Malicious code in locale-clamp-middleware (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e27ac52023546a1eba07c629b78779bf6d13280f732fce7b0d66c18a660d90e6 The package locale-clamp-middleware was found to contain malicious code. Source: ossf-package-analysis...
Contagious Interview: Malware delivered through fake developer job interviews
Microsoft Defender Experts has observed the Contagious Interview campaign, a sophisticated social engineering operation active since at least December 2022. Microsoft continues to detect activity associated with this campaign in recent customer environments, targeting software developers at...
Contagious Interview: Malware delivered through fake developer job interviews
Microsoft Defender Experts has observed the Contagious Interview campaign, a sophisticated social engineering operation active since at least December 2022. Microsoft continues to detect activity associated with this campaign in recent customer environments, targeting software developers at...
Malicious code in mabibilabub (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7b5848598772336361b5ae5218b3379ba6b80420c35d0ef05fcfae6d82688a29 The package mabibilabub was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in ts-lint-builder (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f4411e0cabacba0eb0996243c3198a26f74deb52ec249ba39f1b8019fea10136 The package ts-lint-builder was found to contain malicious code. Source: ghsa-malware 0514225155e8ef3ef5350ff238e097dd627e4dd2639974c7cab656ad65d3f6b...
MAL-2026-1346 Malicious code in ts-lint-builder (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f4411e0cabacba0eb0996243c3198a26f74deb52ec249ba39f1b8019fea10136 The package ts-lint-builder was found to contain malicious code. Source: ghsa-malware 0514225155e8ef3ef5350ff238e097dd627e4dd2639974c7cab656ad65d3f6b...
MAL-2026-1343 Malicious code in chai-as-flex (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e209e357d41cfd5d03c91f7b03e155685a36191ac79740818656d310c71390fe The package chai-as-flex was found to contain malicious code. Source: ghsa-malware 43ec01f2ce6223022a2f8808fefb3586a644577acb62fbe4184add705f616914 A...
MAL-2026-1333 Malicious code in polygon-gamma-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dbe3f588073fea9d33a70fcdffbe2466af2886a8bf5227c8e3256235aca46899 The package polygon-gamma-api was found to contain malicious code. Source: ghsa-malware...
Malicious code in tailwindcss-forms-bundler (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4539095c0f138c7afdd678f16ce6331acda209486c0e8ebe9f156da96b5de11a The package tailwindcss-forms-bundler was found to contain malicious code. Source: ghsa-malware...
MAL-2026-1337 Malicious code in typescript-urql (npm)
The package 'typescript-urql' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
Malicious code in typescript-urql (npm)
The package 'typescript-urql' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
MAL-2026-1329 Malicious code in google-camelcase (npm)
The package 'google-camelcase' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
Malicious code in google-camelcase (npm)
The package 'google-camelcase' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
MAL-2026-1327 Malicious code in filter-imports (npm)
The package 'filter-imports' is part of the PhantomRaven supply chain attack campaign Wave 4. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
Malicious code in filter-imports (npm)
The package 'filter-imports' is part of the PhantomRaven supply chain attack campaign Wave 4. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
MAL-2026-1330 Malicious code in import-zod (npm)
The package 'import-zod' is part of the PhantomRaven supply chain attack campaign Wave 4. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server npm.artifactsnpm.com...
MAL-2026-1331 Malicious code in llm-oracle (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 98fdc3b2f8d6e1b4bb0e26b6f7f12227b5759900fb7c859b6b13093b1a159bf9 The package llm-oracle was found to contain malicious code. Source: ghsa-malware 94a20da2ad0a043d47545889257036cffa168646e3083c39007db16c692dc419 Any...