64 matches found
Embedded Malicious Code
Overview: Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
Trivy Supply Chain Attack Triggers Self-Spreading CanisterWorm Across 47 npm Packages
The threat actors behind the supply chain attack targeting the popular Trivy scanner are suspected to be conducting follow-on attacks that have led to the compromise of a large number of npm packages with a previously undocumented self-propagating worm dubbed CanisterWorm. The name is a reference...
⚡ Weekly Recap: Hot CVEs, npm Worm Returns, Firefox RCE, M365 Email Raid & More
Hackers aren't kicking down the door anymore. They just use the same tools we use every day — code packages, cloud accounts, email, chat, phones, and "trusted" partners — and turn them against us. One bad download can leak your keys. One weak vendor can expose many customers at once. One guest...
Malicious code in @oku-ui/scroll-area (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector feec27c9dd0a9e2e311e7acfd63e100ca5a09fe90c7e8aeb9237e7722ea49a77 The package @oku-ui/scroll-area was found to contain malicious code. Source: google-open-source-security...
MAL-2025-191267 Malicious code in @oku-ui/primitives-nuxt (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3ee73daea7a5697698adf390d5267c68b30e77f888efdbfd38686cdc878deca2 The package @oku-ui/primitives-nuxt was found to contain malicious code. Source: google-open-source-security...
MAL-2025-191334 Malicious code in @voiceflow/backend-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 939c031191eb7578a914d631512a9cf7594b3fa8719c9d5a82dc8469a70a5a72 The package @voiceflow/backend-utils was found to contain malicious code. Source: ghsa-malware...
MAL-2025-191358 Malicious code in @voiceflow/nestjs-mongodb (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2004e6b1248a0973eb52ceacef7b58dbf4de7c31813ea2b67f07e2788ad3205e The package @voiceflow/nestjs-mongodb was found to contain malicious code. Source: ghsa-malware...
Malicious code in @voiceflow/test-common (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2f63a9f42565b5107e8f6684e1079874b29df133cb9d0bb1f425adf7317a6a50 The package @voiceflow/test-common was found to contain malicious code. Source: ghsa-malware...
MAL-2025-191401 Malicious code in pkg-readme (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bfc479ddf04c9b4dccdd1b190ab6a553b8b70b35dd010db9a2f6facee0990c78 The package pkg-readme was found to contain malicious code. Source: ghsa-malware 1367f46db577db5123a8d208e0f5d172747a39e623e7c33db0a7e240d28f9d2a Any...
Malicious code in @voiceflow/google-types (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5dcda26e47493687c0d0abbbc7547b7f3c0e98ae3637f723272bcc4f20152b68 The package @voiceflow/google-types was found to contain malicious code. Source: ghsa-malware...
MAL-2025-191171 Malicious code in @accordproject/concerto-analysis (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bd4dfaf2dbfd72597ed98e94903934d34e97ddd5dc4f7aeb7f5450767cb3a34c The package @accordproject/concerto-analysis was found to contain malicious code. Source: ghsa-malware...
MAL-2025-191236 Malicious code in @ifings/design-system (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c8a2d458b22985eaf37f768018a4359ed4e32182c1c21f0f204e440b8f37772f The package @ifings/design-system was found to contain malicious code. Source: ghsa-malware...
MAL-2025-191032 Malicious code in @lessondesk/schoolbus (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8c14a4cce7a095ba23b1ec9898ad654afc8e736c94cf26a1b8c15aa123973fe9 The package @lessondesk/schoolbus was found to contain malicious code. Source: ghsa-malware...
MAL-2025-191025 Malicious code in 02-echo (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4304d63d618938cc1d4dc7dab1141d0d40a98c9724393d6986686311ea95ed1e The package 02-echo was found to contain malicious code. Source: ghsa-malware ea51eeff44737fa3bd6eba3c88b458dc42aaea1ded99e3812c204fc1a712be24 Any...
MAL-2025-190997 Malicious code in react-native-fetch (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b96159f9c8f74a56ea1f03322401befd0e090840e21dff7d1cc37db649e8cd58 The package react-native-fetch was found to contain malicious code. Source: ghsa-malware...
MAL-2025-190983 Malicious code in package-tester (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1888e34e329bc0ea8f84900de1b8ac52cf5271deb84547900790be3335b0d3e4 The package package-tester was found to contain malicious code. Source: ghsa-malware 1cd7a624ca6e7cb7928904d72a30bb889766f3c6009a09fb20758a0a29b56255...