Malicious code in @fairwords/encryption (npm)

The @fairwords/encryption package was compromised as part of the TeamPCP/CanisterWorm campaign. A postinstall hook executes node scripts/check-env.js || true which performs multi-stage credential harvesting, encrypted exfiltration, and self-propagation. The payload harvests 40+ environment variab...

EUVD-2025-135000

Malicious code in zaskia-poke13 npm...

EUVD-2025-105856

Malicious code in dewi-gulai63-breki npm...

EUVD-2025-96060

Malicious code in ocha-tahutek72-breki npm...

EUVD-2025-40929

Malicious code in tomi-kue67-sluey npm...

EUVD-2025-34137

Malicious code in internal-greeter-utils npm...

MAL-2025-43606 Malicious code in bella-ragi4-breki (npm)

The package bella-ragi4-breki was found to contain malicious code...

Malicious code in todayistheday123 (npm)

The package todayistheday123 was found to contain malicious code...

Malicious code in okta-gandul53-breki (npm)

The package okta-gandul53-breki was found to contain malicious code...

Malicious code in brook-aspen-jdw189-project (npm)

The package brook-aspen-jdw189-project was found to contain malicious code...

Malicious code in @mosfe/sso-sdk (npm)

--- -= Per source details. Do not edit below this line.=-...