25 matches found
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
Malicious code in @productdevbook/auth (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 884cad7d1d5eb715a5945ab44c4acd884887a533f4c4334d0d88ccad9a7dd618 The package @productdevbook/auth was found to contain malicious code. Source: google-open-source-security...
MAL-2025-191215 Malicious code in @everreal/react-charts (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5768b8f3a3e5bd1a30a71e7ec2dccf1b55e7e06c7967fe7f40bb6cd938104716 The package @everreal/react-charts was found to contain malicious code. Source: ghsa-malware...
MAL-2025-191310 Malicious code in @sameepsi/sor2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2c5470b040485c9e91f7985d59bd1b1754daed9d80ab9545426cfcf57d627928 The package @sameepsi/sor2 was found to contain malicious code. Source: ghsa-malware 2d34ad4c15350b1f697d541469fe980138a8d60a6abf768fcc4c6365a9d186d6...
MAL-2025-191075 Malicious code in bidirectional-adapter (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9232b33b143ce14e500ddb0d725a5b646a180ad4bd7dbf1fc8890baefdd22f95 The package bidirectional-adapter was found to contain malicious code. Source: ghsa-malware...
MAL-2025-190951 Malicious code in composite-reducer (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8eecfe869a6cc75f59e734412ec583d6bb95ddaab6b45c9c22526ba7b556e004 The package composite-reducer was found to contain malicious code. Source: ghsa-malware...
MAL-2025-190925 Malicious code in posthog-node (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c2ec4a50c0b553e9abbcc25147ad50014cf1488415e1ec8e3234f3e9bb3cc24e The package posthog-node was found to contain malicious code. Source: google-open-source-security...
MAL-2025-190888 Malicious code in @posthog/pagerduty-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 34f138dd2e1bf5607f92e6db9b88a64a178880202726e7dccf9d2970644cf007 The package @posthog/pagerduty-plugin was found to contain malicious code. Source: google-open-source-security...
MAL-2025-190795 Malicious code in @actbase/react-native-kakao-navi (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c36d15c71a449d1035dde1e2271d10ec03380984f3d4e8f520200fdd5c6da864 The package @actbase/react-native-kakao-navi was found to contain malicious code. Source: ghsa-malware...
A Dangerous Worm Is Eating Its Way Through Software Packages
Plus: An investigation reveals how US tech companies reportedly helped build China’s sweeping surveillance state, and two more alleged members of the Scattered Spider hacking group were arrested...
MAL-2025-47290 Malicious code in @ui-ux-gang/devextreme-rpk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fc643d20a812778984d46636db2ea2e7e08c97ca2710b212c0b07a023461df59 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...