13 matches found
Malicious code in leo-auth (npm)
The leo-auth npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the LeoPlatform...
Malicious code in autotel-vitest (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a7ed70ee4bddaee59149fdb7664c71d6efcc8c74cbd82bb652ed593b8d6a457d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-5258 Malicious code in executable-stories-vitest (npm)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a6c7977dbc054cdb7fe56da0d2fbd26e2a6fed695deb4263ccbf4adfedd86acb The Miasma malware is a self-propagating worm that spreads across the npm registry by abusing weaponized binding.gyp files to achieve...
MAL-2026-5222 Malicious code in autotel-hono (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3c68b32ae5e05f59d29919bad0bfae6bef90d3723f77b4a64cc86d6e3a39284c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-5219 Malicious code in autotel-drizzle (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 296ec225ea5d6328333ec1641f1562f475b1ed521a003427b581aa288cc735b7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-5133 Malicious code in @redhat-cloud-services/compliance-client (npm)
Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
MAL-2025-191361 Malicious code in @voiceflow/nestjs-timeout (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 13d9067ab95136128bf92e8d28b434d340ae4fd7cd2c8e06f3378c71c3f6f2b1 The package @voiceflow/nestjs-timeout was found to contain malicious code. Source: ghsa-malware...
MAL-2025-191314 Malicious code in @silgi/graphql (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8a0404f9aa498b1721d9dfffbbd0f41cb66d195675fa5a3b9e71fec42153b0e9 The package @silgi/graphql was found to contain malicious code. Source: ghsa-malware 131ca7201ac4ce3abb97a2f5940ad11186f384fb0190ddcaf14d36be20ea0d95...
MAL-2025-190923 Malicious code in mcp-use (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e38bd6291f6f6d66e34397d1b1495513a53528efac94b63487a1646eb7aa45af The package mcp-use was found to contain malicious code. Source: google-open-source-security...
MAL-2025-190780 Malicious code in redux-router-kit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d3336c78dffab3cf95e60180dad5e67109d7de3e5dbfc888d10874c466a4088c The package redux-router-kit was found to contain malicious code. Source: ghsa-malware 6714063bc703d6750a4f6a6eedaa083372d15b7b9fa6eef3c58492ac74792b...
Malicious code in @nexe/config-manager (npm)
The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 22a78a7d10a59f7a2928448f3166f83de5443650d498bd687751f36688e87c5d Any computer that has this package installed or running should be considered fully compromised. All...
MAL-2025-47235 Malicious code in @crowdstrike/glide-core (npm)
The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6c50fb4842e12feb703463f76e42b30788a613940789be0e353b396b7de4cba8 Any computer that has this package installed or running should be considered fully compromised. All...