Lucene search

5 matches found

OSSF Malicious Packages
added 2026/04/06 9:11 a.m., 6 views

Malicious code in commerce-utils (npm)

Malicious package due to data exfiltration to a suspicious host, combined with arbitrary code execution during preinstall. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3bb3d6d3a8a8898abe7e371e54753d5902a5062151888ccff6c656f5edac6ba6 The package commerce-utils...

AI score: 6.5
Exploits: 0, References: 1
OSV
added 2026/04/06 9:11 a.m., 3 views

MAL-2026-2497 Malicious code in commerce-utils (npm)

Malicious package due to data exfiltration to a suspicious host, combined with arbitrary code execution during preinstall. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3bb3d6d3a8a8898abe7e371e54753d5902a5062151888ccff6c656f5edac6ba6 The package commerce-utils...

AI score: 6.3
Exploits: 0, References: 1
Microsoft Secure
added 2025/12/09 9:41 p.m., 8 views

Shai-Hulud 2.0: Guidance for detecting, investigating, and defending against the supply chain attack

The Shai‑Hulud 2.0 supply chain attack represents one of the most significant cloud-native ecosystem compromises observed recently. Attackers maliciously modified hundreds of publicly available packages, targeting developer environments, continuous integration and continuous delivery CI/CD...

AI score: 7.4
Exploits: 0
Microsoft Secure
added 2025/12/09 9:41 p.m., 16 views

Shai-Hulud 2.0: Guidance for detecting, investigating, and defending against the supply chain attack

The Shai‑Hulud 2.0 supply chain attack represents one of the most significant cloud-native ecosystem compromises observed recently. Attackers maliciously modified hundreds of publicly available packages, targeting developer environments, continuous integration and continuous delivery CI/CD...

AI score: 7.5
Exploits: 0
OSSF Malicious Packages
added 2025/07/15 7:54 a.m., 3 views

Malicious code in paypal-invoicing (npm)

Malicious package. Collects system info, exfiltrates data to hardcoded IP, runs code during preinstall, and attempts to hide activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bd66aabb4b40f49dc7ef8bda42a33f705beb6def65601b8fd3025c7e055bc2e6 Any computer that...

AI score: 7.1
Exploits: 0, References: 5