BIT-PHP-MIN-2026-7263 DoS attack via DOMNode::C14N()

In PHP versions 8.4. before 8.4.21 and 8.5. before 8.5.6, DOMNode::C14N method may process the XML data incorrectly, causing a circular linked list in the data structure representing the XML document. This may cause subsequent processing of the XML document to enter infinite loop, causing denial ...

BIT-PHP-2026-7263 DoS attack via DOMNode::C14N()

In PHP versions 8.4. before 8.4.21 and 8.5. before 8.5.6, DOMNode::C14N method may process the XML data incorrectly, causing a circular linked list in the data structure representing the XML document. This may cause subsequent processing of the XML document to enter infinite loop, causing denial ...

Malicious code in 88q (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cb830829cae1605ff7626653a2470db03cd5a5aab98b3f0a7f5912eaf244561b The main entrypoint index.js runs an IIFE at require time that monkey-patches the global console.warn and console.error methods. After the override,...

MAL-2026-3668 Malicious code in 0xegg2024 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 86f32380998652e4d6d7b70da165cff6d669a4c6a6d9297da2a137071abf6317 Tea.yaml token farming campaign...

Malicious code in 100jsss (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 207a07d918d9b3ddfdf0f845ec22f6bab19629fa77968d3b41409d0b62bad441 The main entry g.js constructs an image beacon whose src is a base64-decoded attacker URL https://w.g32.com/g?k= concatenated with...

MAL-2026-3670 Malicious code in 11j (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f9ad371791d84a3c28ca12b62bae45a07567847b7df025c93611f8f504a1c869 the analysis identified unambiguous malicious behavior in log.js the package main: an IIFE executes on require/import that monkey-patches...

MAL-2026-3673 Malicious code in 3pool-sushibar (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5112bb2ea3570e56be6525c48ef026624f46dead693e78333696273c911c6c42 This package is a dependency-chain dropper. package.json declares 15 undocumented dependencies in three numbered families web3chain02032, rusttool070...

Malicious code in housecallpro (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 6e95d04cb7977b9da45686f61f19767b33fb3e4fd1af5081b1a27acfd9ee9337 The OpenSSF Package Analysis project identified 'housecallpro' @ 1.0.1 npm as malicious. It is considered malicious because: - The package...

Malicious code in @mesadev/sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 5e1924464368f0c5816ee84e000cc47017f44045140feafbbc9e685d847ed5a5 This package was compromised as part of the "Mini Shai-Hulud is back" worm by the TeamPCP threat actor. The package will steal credentials...

MAL-2026-3605 Malicious code in agentwork-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 5e1924464368f0c5816ee84e000cc47017f44045140feafbbc9e685d847ed5a5 This package was compromised as part of the "Mini Shai-Hulud is back" worm by the TeamPCP threat actor. The package will steal credentials...

Malicious code in @dirigible-ai/sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 5e1924464368f0c5816ee84e000cc47017f44045140feafbbc9e685d847ed5a5 This package was compromised as part of the "Mini Shai-Hulud is back" worm by the TeamPCP threat actor. The package will steal credentials...

Malicious code in @draftlab/db (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 5e1924464368f0c5816ee84e000cc47017f44045140feafbbc9e685d847ed5a5 This package was compromised as part of the "Mini Shai-Hulud is back" worm by the TeamPCP threat actor. The package will steal credentials...

MAL-2026-3603 Malicious code in @tallyui/core (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 5e1924464368f0c5816ee84e000cc47017f44045140feafbbc9e685d847ed5a5 This package was compromised as part of the "Mini Shai-Hulud is back" worm by the TeamPCP threat actor. The package will steal credentials...

MAL-2026-3592 Malicious code in hedwig-tsconfig (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 1a650b67b76184573f147a7b286249b1de734cfa85647aea9a9bea3284e155f8 The OpenSSF Package Analysis project identified 'hedwig-tsconfig' @ 99.8.1 npm as malicious. It is considered malicious because: - The package...

Malicious code in @uipath/widget.sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8e72fd5223273f42c47db6b5b8217e2cdce8589d9cf9545621606c249facc6ff Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-3564 Malicious code in @uipath/packager-tool-workflowcompiler (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ba55a8cfb928dc9076aa7df6b3b8d5ca1f93f4f191e6f46b4dac2824d2e36af1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @uipath/maestro-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6885645b867aaec1056710aae316b39c7601e17728f7e35b391f02198b3832b0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-3552 Malicious code in @uipath/integrationservice-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a3ff8598d48c12ca9fe162be025bd370560d125c36c4e5dfebfbb09bccfda3f3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @uipath/insights-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e4a14d8ee3cc65fe720a880c72000a911cbc45433f4113501a7246c018798380 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @uipath/integrationservice-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4edd2a2ae1287141aa4d05d85a3bc8510964321fd4e054af3a5f763d6ad30b9c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...