164 matches found
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code linked to the "Miasma" supply chain attack targeting the @redhat-cloud-services npm namespace. A malicious actor compromised the publication pipeline and published versions containing malicious code that includes...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code linked to the "Miasma" supply chain attack targeting the @redhat-cloud-services npm namespace. A malicious actor compromised the publication pipeline and published versions containing malicious code that includes...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code linked to the "Miasma" supply chain attack targeting the @redhat-cloud-services npm namespace. A malicious actor compromised the publication pipeline and published versions containing malicious code that includes...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code linked to the "Miasma" supply chain attack targeting the @redhat-cloud-services npm namespace. A malicious actor compromised the publication pipeline and published versions containing malicious code that includes...
Malicious code in telethon-pro-safe (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 8bc2e515c2eb7bf73ea5d532cfb6701dcaf3dd95e9d8248ee3d426b1d0c1ed8c During installation, package executes obfuscated code that starts a RAT-like software allowing remote control and exfiltrating sensitive data. --- Category:...
MAL-2026-4859 Malicious code in telethon-pro-safe (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 8bc2e515c2eb7bf73ea5d532cfb6701dcaf3dd95e9d8248ee3d426b1d0c1ed8c During installation, package executes obfuscated code that starts a RAT-like software allowing remote control and exfiltrating sensitive data. --- Category:...
Malicious code in tailwind-style-typography (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0818530f40672586168012538662486135f040526d0e4377f362b6bfe2f61bd2 The package name impersonates the official @tailwindcss/typography plugin and replicates its README and source verbatim including links to...
Malicious code in @kedem/okdb (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cfce9a94c70e54caff77645f380418abda1bb1a38ad9cda61f6fbeaa482e2fed The package's CLI entry point at bin/okdb.js is a heavily obfuscated single-line bundle hex-mangled symbols like 0x2a69e2/0x5d02f6 that constructs HT...
Malicious code in @ikyyofc/gemini-cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5793a1cde3de83b8c15b49a0f9981d72fbf431067a4416ce6b2bd5650ea4a4d6 @ikyyofc/[email protected] ships two heavily obfuscated modules src/gemini.js and src/utils/proxy.js wrapped in an obfuscator.io-style string-array +...
Malicious code in btd-smart (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3ad22b27351879a89349a1232ee5abb46bc589399ea710b9769526a8080b3199 The package presents itself as a clone of juliangruber/balanced-match stolen author identity 'Julian Gruber ', verbatim README, identical API renamed...
MAL-2026-3851 Malicious code in @antv/async-hook (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in env-threads (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cfb511e0bf06367ec0341939aa68ee55859344c6ca6cb8d9f55f7e62cdcc8656 Package env-threads impersonates the legitimate dotenv package: its README, repository URL git://github.com/motdotla/dotenv.git, homepage, descriptio...
MAL-2026-3759 Malicious code in env-threads (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cfb511e0bf06367ec0341939aa68ee55859344c6ca6cb8d9f55f7e62cdcc8656 Package env-threads impersonates the legitimate dotenv package: its README, repository URL git://github.com/motdotla/dotenv.git, homepage, descriptio...
Malicious code in apkeep (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 d545ff7c3c178485cfb49d0028c4c808e67d0ee0fddcb4b7b195c943bb07d888 The package pretends to be a fork of a legitimate Rust library and uses the identity of the original authors. During usage, the obfuscated code targets...
Malicious code in mpkg123 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 df9e0498d827adeb16ea11e4a1137133d2124f039942b776f7ac098a257cd164 If executed as a module, the obfuscated code collects and exfiltrates sensitive data, including passwords saved in a browser. --- Category: MALICIOUS - The...
MAL-2026-3408 Malicious code in textwrap-ext (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 da4e8d5daae9a14e0ceb5a942afd308068957ec655cdd950b2b041934e9ec182 During installation, obfuscated code exfiltrates cryptocurrency wallet data to a hardcoded location and places a backdoor through a new authorized SSH key...
Malicious code in textwrap-ext (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 da4e8d5daae9a14e0ceb5a942afd308068957ec655cdd950b2b041934e9ec182 During installation, obfuscated code exfiltrates cryptocurrency wallet data to a hardcoded location and places a backdoor through a new authorized SSH key...
Malicious code in textwrap-toolkit (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 029e190fc99763d65a096339b29fa85aeb0a23c3818a632a2dd4dc99f3e8fd64 During installation, obfuscated code exfiltrates cryptocurrency wallet data to a hardcoded location and places a backdoor through a new authorized SSH key...
MAL-2026-3403 Malicious code in textwrap-formatter (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 18da24e92fd40457ad3df2af568c07d41b35f44e6e07e8fac3bf0eafba9c2154 During installation, obfuscated code exfiltrates cryptocurrency wallet data to a hardcoded location and places a backdoor through a new authorized SSH key...
MAL-2026-3396 Malicious code in ninja-core-optimizer (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 fbe38f659a9fac5304f648aa594e12123221abd687755378f05b3efe17d6d4c7 During installation, obfuscated code exfiltrates cryptocurrency wallet data to a hardcoded location --- Category: MALICIOUS - The campaign has clearly maliciou...