834 matches found
MAL-2026-6435 Malicious code in serverless-leo (npm)
The serverless-leo npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the LeoPlatform...
MAL-2026-6419 Malicious code in leo-cache (npm)
The leo-cache npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the LeoPlatform...
MAL-2026-6424 Malicious code in leo-connector-mongo (npm)
The leo-connector-mongo npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the...
MAL-2026-6430 Malicious code in leo-sdk (npm)
The leo-sdk npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the LeoPlatform...
Malicious code in mjs-eslint-service (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f7e95cb81c6a1238d751c013def46001948b388083e0d91f7baa5077091ae006 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
MAL-2026-6054 Malicious code in @mastra/node-audio (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5e67f59921eaf19b7b608ed824610779a1929306854008a2a1633edf67bca3b7 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
MAL-2026-6039 Malicious code in @mastra/temporal (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 214be711b41a8883e3252f0e9e41bc902d62da7650334b2efdc7424194989101 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in @mastra/nestjs (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8cce4b38ce42c23095f722a3fd011dcd5070230e430bd5ef2be73c0eb943f79d The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
MAL-2026-5943 Malicious code in @mastra/datadog (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6becf49ea70ecc24e313fe6cd9f7a232df9465f3417b14de0f0002fcc170ab42 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
MAL-2026-5853 Malicious code in sp-api-dev-assistant-mcp-server (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 18b5b59005300a7a8612a3bf36d3707df573ac722e94e52a3854844345d63745 Package contains only package.json and README.md, with the README explicitly stating it is a proof-of-concept squatting an unclaimed npm name that wa...
MAL-2026-5298 Malicious code in executor-engine (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7fee580000475783e657a2e66ca6a4a4bd4369aa0bc9f87152b003dca6f34848 executor-engine 0.3.4 ships a malicious site-packages.pth file executorengine-setup.pth that Python's site initialization auto-executes on every...
MAL-2026-5277 Malicious code in pantheon-toolsets (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a3f2d24843d0caf23a36f07f7bd7b3adb7163463404856654f1745c7e75017be The wheel installs pantheontoolsets-setup.pth, which Python automatically executes at every interpreter startup before any user import. The.pth...
Malicious code in executable-stories-formatters (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector abf4dee9166e156fd18cdc223be5d4da38eaa0eda8b28f6fde07190bc5244fd0 No concrete installer-harm indicators were identified in this version of the package. No lifecycle hooks, hardcoded network destinations, credential...
Malicious code in awaitly-mongo (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f476f15bad689e2500c24cf2f416567759e5182689cc2cc301912ddfde02b1c4 No concrete installer-harm signals were identified in this package version. The package name suggests a MongoDB-related async helper, but no specific...
Malicious code in @ethlete/core (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 580c72aa7afc42653ec3679eeaa96ac10d9c389434355415542ac48a36c39b45 The package was found to contain malicious code or consuming dependency that contains malicious code Source: google-open-source-security...
Malicious code in autotel-sentry (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 84599539075d0dc6b022b261b65d1926f5772707f817dbc50178b5538220e2aa The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in mountly (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a392e66eff4da37e5adbd5288c1bb8da03c5348cfafacfa54aa113321e81dec5 The package was found to contain malicious code or consuming dependency that contains malicious code Source: google-open-source-security...
Malicious code in autotel-adapters (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4e39e600baede93e3a5b493d603c5fe392c561544c95611960149ac4e7b99f98 No concrete installer-harm evidence was identified for [email protected]. No lifecycle-script droppers, hardcoded exfiltration endpoints,...
Malicious code in @ethlete/theming (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 75c7098701bc178c6dfbb1ecd8b91772b728d73c29805f74775b6f2636b2d01d The package was found to contain malicious code or consuming dependency that contains malicious code Source: google-open-source-security...
Malicious code in awaitly-libsql (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b990b0b3ddf0eb2fbfe64fc70090459960085e3268df5cbdd1a86f958f69448e No concrete installer-harm signals were identified in this package version. The package name combines 'awaitly' and 'libsql' a well-known SQLite-fork...