18 matches found
Malicious code in @antv/word-scale-chart (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in @antv/g-plugin-physx (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
MAL-2026-3948 Malicious code in @antv/g-plugin-matterjs (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in @antv/g2-extension-3d (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
MAL-2026-3954 Malicious code in @antv/g-plugin-svg-renderer (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
CVE-2025-59141
simple-swizzle swizzles function arguments. On 8 September 2025, the npm publishing account for simple-swizzle was taken over after a phishing attack. Version 0.2.3 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect...
CVE-2025-59142
color-string is a parser and generator for CSS color strings. On 8 September 2025, the npm publishing account for color-string was taken over after a phishing attack. Version 2.1.1 was published, functionally identical to the previous patch version, but with a malware payload added attempting to...
GHSA-PXX3-G568-HXR4 [email protected] contains malware after npm account takeover
Impact On 8 September 2025, the npm publishing account for color-convert was taken over after a phishing attack. Version 3.1.1 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker's...
CVE-2025-59145 [email protected] contains malware after npm account takeover
color-name is a JSON with CSS color names. On 8 September 2025, an npm publishing account for color-name was taken over after a phishing attack. Version 2.0.1 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrenc...
CVE-2025-59331 [email protected] contains malware after npm account takeover
is-arrayish checks if an object can be used like an Array. On 8 September 2025, an npm publishing account for is-arrayish was taken over after a phishing attack. Version 0.3.3 was published, functionally identical to the previous patch version, but with a malware payload added attempting to...
CVE-2025-59144
CVE-2025-59144 concerns the npm package debug . On 8 Sep 2025, the npm publishing account was taken over via phishing and version 4.4.2 was published with a malware payload that attempts to redirect cryptocurrency transactions in browser environments (e.g., via direct script inclusion or bundlers...
CVE-2025-59140 [email protected] contains malware after npm account takeover
backlash parses collected strings with escapes. On 8 September 2025, the npm publishing account for backslash was taken over after a phishing attack. Version 0.2.1 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect...
PT-2025-37743
Name of the Vulnerable Software and Affected Versions: simple-swizzle version 0.2.3 simple-swizzle versions prior to 0.2.4 Description: The npm publishing account for simple-swizzle was compromised following a phishing attack. Version 0.2.3 was published with a malware payload designed to redirec...
PT-2025-37746
Name of the Vulnerable Software and Affected Versions debug versions 4.4.2 Description The npm publishing account for debug was compromised following a phishing attack on September 8, 2025. Version 4.4.2 was published with a malicious payload designed to redirect cryptocurrency transactions withi...
PT-2025-37748
Name of the Vulnerable Software and Affected Versions error-ex versions prior to 1.3.4 Description The error-ex npm package was compromised through a phishing attack resulting in the publication of version 1.3.3 containing a malware payload. This malware targets cryptocurrency transactions and...
UAParser.js 0.8.0 Embedded Malware
According to its self-reported version number, UAParjser.js is 0.7.29, 0.8.0 or 1.0.0. Therefore, it may be affected by an embedded malicious code vulnerability due to an hijack in the maintainer's NPM account led to including an embedded malicious crypto minor in this package. Specifically, the...
UAParser.js 1.0.0 Embedded Malware
According to its self-reported version number, UAParjser.js is 0.7.29, 0.8.0 or 1.0.0. Therefore, it may be affected by an embedded malicious code vulnerability due to an hijack in the maintainer's NPM account led to including an embedded malicious crypto minor in this package. Specifically, the...
UAParser.js 0.7.29 Embedded Malware
According to its self-reported version number, UAParjser.js is 0.7.29, 0.8.0 or 1.0.0. Therefore, it may be affected by an embedded malicious code vulnerability due to an hijack in the maintainer's NPM account led to including an embedded malicious crypto minor in this package. Specifically, the...