Lucene search
K

4 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/20 7:4 a.m.21 views

Malicious code in @qwedqwed/axios (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 65cc6ad7f5d72e7e50a4493915cc5b8ce23b39b6f25ca5515228be44695016ca Package @qwedqwed/axios is published under a scope that does not belong to the real axios maintainers but copies axios's README, source, homepage...

5.8AI score
Exploits0References3
Snyk
Snyk
added 2026/05/18 9:0 p.m.9 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...

9.8CVSS5.9AI score
Exploits0References3
Snyk
Snyk
added 2026/05/18 9:0 p.m.10 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...

9.8CVSS5.9AI score
Exploits0References2
Trend Micro Simply Security
Trend Micro Simply Security
added 2026/03/31 12:0 a.m.6 views

Axios NPM Package Compromised: Supply Chain Attack Hits JavaScript HTTP Client with 100M+ Weekly Downloads

A supply chain attack hit Axios when attackers used stolen npm credentials to publish malicious versions containing a phantom dependency. This triggered a cross-platform RAT during installation and replaced its files with clean decoys, making detection challenging...

5.8AI score
Exploits0
Rows per page
Query Builder