967 matches found
MAL-2025-6676 Malicious code in undeface-test-2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 69c9b501034a030dc669fcc1ae2026db2508367cac00b2b2b7e4d8df0a78ad7e The OpenSSF Package Analysis project identified 'undeface-test-2' @ 9.9.9 npm as malicious. It is considered malicious because: - The package...
MAL-2025-6737 Malicious code in newrelic-scheduler (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 283d0b11edc13929f769d9072e403ef35901c2c26167edbfadb2573cbadaa850 The OpenSSF Package Analysis project identified 'newrelic-scheduler' ...
MAL-2025-6674 Malicious code in undeface-test (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis cb90f4f82fed4d59ca2dcb3a39b4b93866778f4f52ae780393bdcf08e389be03 The OpenSSF Package Analysis project identified 'undeface-test' @ 9.9.9 npm as malicious. It is considered malicious because: - The package...
MAL-2025-6673 Malicious code in cerberux (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 5695d0b2f501364a21975ae94641cd4afe53e8728199b018ebcea405011d9485 The OpenSSF Package Analysis project identified 'cerberux' @ 3.0.0 np...
MAL-2025-6671 Malicious code in @usaa-grp-payments-web-experience/bk-acknowledge-module (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis b56c4b39f3ee1932940e85cef9f0071fc46b948628c13f5588bd484de40ab42d The OpenSSF Package Analysis project identified '@usaa-grp-payments-web-experience/bk-acknowledge-module' @ 2.9.11 npm as malicious. It is...
MAL-2025-6385 Malicious code in icare (RubyGems)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4ae62dc64a37956f3444013e4dd1287b53c4f98d5811644e41de70bea7820b31 Source: ossf-package-analysis 5ef3fd9f7c979ad17316b55bd4b33311a8afc4966f82955133c709fef2b53e84 The OpenSSF Package Analysis project identified 'icare' @...
MAL-2025-6753 Malicious code in rca-url-adaptator (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 8a4c404a67ab59319cbe0468f8814fdb2d770576ff6c1e58b816b178705447f3 The OpenSSF Package Analysis project identified 'rca-url-adaptator' @...
MAL-2025-6787 Malicious code in flatfox-api (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 c1abb243ceb7b5b94ca2f950d7cf27838ad4c22bc9771a0ea878af5497bfebf2 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2025-6348 Malicious code in resource_registry (RubyGems)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 167da4f9808c8b20773d1ba15c4581213f2c09eadb21944e6391a525e774d787 Source: ossf-package-analysis 97ad7e4a2d8c7feaee7f61db0f1f57c90f92b4f92d6ca258fef4bc5f5107666d The OpenSSF Package Analysis project identified...
MAL-2025-6337 Malicious code in @xcxcxxx/gsap3 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis dca541d25bf831300b7d0993132672911b4c5d12c94e73218858e5a6d458af4a The OpenSSF Package Analysis project identified '@xcxcxxx/gsap3' @ 99.10.90 npm as malicious. It is considered malicious because: - The package...
MAL-2025-6336 Malicious code in testing123kk (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 bebd39f4de86af5e9634fbfda5f8c97794b597b1066c2fcd32e3a2068569280d Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2025-6329 Malicious code in momentjs-poc (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis f28c9895f79a0a36ce23a5aa43824f3819d75b0736b6650523b5f4dc6aa0babd The OpenSSF Package Analysis project identified 'momentjs-poc' @ 1.0.1 npm as malicious. It is considered malicious because: - The package...
MAL-2025-6328 Malicious code in triple-equals (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 d65cc69dec9f320438a4209e4c952480d78b96c779a019b6a09c04499b9e3edc When imported, the package attempts to exfiltrate environment variables and basic user info --- Category: MALICIOUS - The campaign has clearly malicious intent...
MAL-2025-6255 Malicious code in redux-probe-unknown-action-rce (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis d273d8be87dc1aaa71222024d9f545d4ec9bde08234f27b0c9c81f6dd8c86721 The OpenSSF Package Analysis project identified...
MAL-2025-6327 Malicious code in react-nodes (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 8f859f678cb85445cc8d486c034c1a9de313c92e4485d8dc546bab5be2823b71 The OpenSSF Package Analysis project identified 'react-nodes' @ 4.0.1 npm as malicious. It is considered malicious because: - The package execut...
MAL-2025-6249 Malicious code in @grafanacloud/test-utils (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 86fad9166303d847c44fd5532ddf9f11a1b00f4d412bdde3435415be2bdd4b5e The OpenSSF Package Analysis project identified...
MAL-2025-6248 Malicious code in foundry-jupyter-extension (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 8114162af3676e6c75f96e1dc953dae363e41fab4e9b3ce75a84b261aece0113 Installing or importing the module triggers exfiltration of environmental variables --- Category: MALICIOUS - The campaign has clearly malicious intent, like...
MAL-2025-6241 Malicious code in budoux-extension (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0b648f8e2f3161c2d499b10cce27dfd7bc034fc56857168b74c85c0dd29d03fe Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-6321 Malicious code in ui-data-layer (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 8a48f1cd7920a46266b710e80c45543e765af5de9e2944c114bf249efe69ce17 The OpenSSF Package Analysis project identified 'ui-data-layer' @...
MAL-2025-6224 Malicious code in google-protobuf-conformance (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8c56504427d8d150c02bac6d80c813025eafa11c3ed21419e5a3ce13a6c11ca6 Any computer that has this package installed or running should be considered...