Malicious code in onboarding-respects-modal (npm)

onboarding-respects-modal is a dependency confusion proof-of-concept package published to the public npm registry by the account r0binak and self-labeled "Security research PoC - Dependency Confusion Hunter". It was published at the artificially high version 999.99.99, a floating-version bait use...

MAL-2026-5460 Malicious code in fhirproxy (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 96e092973bad8e995bdec34000e45943e0be59996e84f181ee4bee9cd423f8eb [email protected] is a thin loader package whose only behavior is to pull and execute the dependency fhirproxy-utils. package.json declares both...

Malicious code in agents-a365-runtime (npm)

Malicious npm package published by threat actor "raya4321" as part of a coordinated typosquatting campaign impersonating Apple internal infrastructure services authentication, PKI, telemetry, CloudKit, and cloud infrastructure. All packages in this campaign execute credential-theft payloads durin...