Lucene search
K

4 matches found

OSV
OSV
added 2026/05/21 12:0 a.m.10 views

MAL-2026-4205 Malicious code in defi-threat-scanner (npm)

A coordinated supply-chain attack comprising 10 npm packages published by maintainer ddjidd5640 [email protected] within a 48-hour window 2026-05-19T03:55Z – 2026-05-21T04:31Z. All packages masquerade as legitimate Web3/DeFi developer security tools MCP servers while silently exfiltrating...

5.8AI score
Exploits0References16
OSV
OSV
added 2026/04/03 7:4 p.m.4 views

MAL-2026-2475 Malicious code in strapi-plugin-nordica-lite (npm)

strapi-plugin-nordica-lite is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network...

6AI score
Exploits0References2
OSV
OSV
added 2026/04/03 7:4 p.m.7 views

MAL-2026-2479 Malicious code in strapi-plugin-nordica-tools (npm)

strapi-plugin-nordica-tools is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network...

6AI score
Exploits0References2
Malwarebytes
Malwarebytes
added 2025/10/07 3:58 p.m.6 views

Don’t connect your wallet: Best Wallet cryptocurrency scam is making the rounds

Phishers and scammers can’t get enough of sending their feeble attempts to Malwarebytes’ employees. For which we can’t thank them enough because it means we can warn you, our readers. This time the scammers tried to impersonate Best Wallet—an app that lets people store, send, and receive...

6.6AI score
Exploits0
Rows per page
Query Builder