9 matches found
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Malicious code in soap-kronos-altair-husky (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d77eb1f92067d89ba7771e0a7455859f0f64087963510a65ec757bc34185c648 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-137774 Malicious code in vida-lepet56-sluey (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dd2ef31ea2d30229c2b563e27b6a90be5a6b6c359073897d79f55568165039b9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-119819 Malicious code in erwin-keripik71-breki (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5e06b29fceac35d3c8e1c06e4fddef8a74a3f9bb557bcf1277e010b8265b6c39 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in bitcoinlbi (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 44f7cf049c35f1e744adea1f7a728f13486bad3dd5a8158e39113437f930282f Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...