1755 matches found
MAL-2026-6944 Malicious code in zredis-typed (npm)
zredis-typed is a malicious npm package and part of the multi-wave "forge-jsx" cross-platform RAT campaign Wave 4. It was published by npm account 'donimique' [email protected]. The package.json description 'Node.js integration layer for Autodesk Forge' and the bundled README.md literally...
MAL-2026-6687 Malicious code in procwire (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 011cf28d546459d946b1ed6d92c3beb4cb7c5322d6a9370d52fcd40e9a81ac2f On Windows, installing [email protected] automatically downloads and executes an attacker-controlled executable. The package.json preinstall script runs...
MAL-2026-6635 Malicious code in @orbis-lr-sdk/orbis-lr-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 447ee314f32023031250cefe4570378f31d8055a02384eccecb5c288ae6e2405 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-6622 Malicious code in @gallup/pc-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware eca755b4cbe794ce9b1389cff974fb13df6325eeb2eb658ca64a7bb7ee734b8b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-6669 Malicious code in pvd3 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0c992d4bd87c36aa389d168c263ca0b89c04b425b0483217ae1098a0c2f3ee10 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-6658 Malicious code in bundrix (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f853223051c1cb68bc005b827209cb844bcde568473a9ff819fb34fccb042d74 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-6142 Malicious code in db-connector-log (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f0b028ed25796b267dc7df004e294b917a05c2e5fdd76e2540530b8c179843c6 [email protected] impersonates the legitimate dx-db-connector package divbloxjs; package.json's repository/homepage point at the divbloxjs proje...
Malicious code in sea-bound-siren (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cd5f2d5cc691968b1bb69f12ea7476c618f6432b42976869906df06312b912c0 On npm install, postinstall.js executes a shell pipeline that collects the output of id, os.hostname, the full process environment env | sort, the...
MAL-2026-5664 Malicious code in @tribe-digital/shopify-starter-theme (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2d20022a66a46ee0bc6a944946691b3746c8e0262e00b90891bd6ef26519e8a9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-5519 Malicious code in requests-toolbelt-plus (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 38c64ca050de4910f56bc4a652890b0a378082859cb62153762c6ae08b4b8eae The package impersonates the popular requests-toolbelt library but ships an empty requeststoolbeltplus/init.py and places its real logic in setup.py...
MAL-2026-5384 Malicious code in enquriers (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7c7f041bb6800c0c765683543b18f204299e64265c3d9124c54f7f0169b53348 Package name 'enquriers' closely resembles the widely-used 'enquirer' package transposed/added characters, suggesting potential name-confusion risk. ...
Malicious code in void-ulid (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 17c8bf4c8a22f2c86dcf8af482d28d5fccfc1d5971289e4f06afedc17c0585a9 void-ulid impersonates the legitimate ulid/ulidx ULID generator its package.json reuses the upstream github.com/ulid/javascript repo URL but ships a...
Malicious Package
Overview nottuff18 is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate advertisin...
Malicious code in @redhat-cloud-services/frontend-components (npm)
Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...
Malicious code in tailwind-smooth-slider (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b613524a54cbd80614c087930d4df2de524b7a594cadc3469723bb38e5cc8516 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-4789 Malicious code in ggk-happy (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d747cc7acd8bbc1defbf475aa3202fd332fd43135a6fedddfcc37356ce02eb54 Package presents itself as the legitimate slopus/happy CLI README instructs npm install -g happy; homepage, repository, bugs, and author fields all...
Malicious code in itc-actors-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 22687e1f7601dde1753d3775925d62d040892631394937e56e9b9fba74fb85c6 The package contains callback.js which collects host identifiers and user information os.hostname, os.userInfo, os.platform, cwd and transmits them v...
MAL-2026-4196 Malicious code in pinno-loggers (npm)
pinno-loggers is a malicious npm package that depends on terminal-logger-utils and triggers the malicious behavior in that package when installed or imported. The terminal-logger-utils payload executes a postinstall hook that opens utils.cjs, an obfuscated malware dropper. The dropper downloads a...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
MAL-2026-3793 Malicious code in simple-date-diff-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9fb5f213f91d456c5ac949bf0995ee5310b944a9bf102b429edec11a99cfb6bf The package simple-date-diff-utils was found to contain malicious code. Source: ghsa-malware...