Malicious code in bodega-sdk (npm)

flow/surf-lending DeFi cred-exfil campaign sibling c1655. preinstall node index.js || true exfils env secrets to raw C2 2.25.140.71:8443/surflending/npm-confusion verified identical. No-renotify. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...

MAL-2026-5801 Malicious code in bodega-sdk (npm)

flow/surf-lending DeFi cred-exfil campaign sibling c1655. preinstall node index.js || true exfils env secrets to raw C2 2.25.140.71:8443/surflending/npm-confusion verified identical. No-renotify. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...

Malicious code in @helpcentre/tesco-help (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eb75510e87a08a5152331461c2b2b955ad21d418c8d2055f5f66ec15e22cf042 On npm install, the postinstall hook runs node index.js, which performs an HTTPS POST to https://f1ackavab3.execute-api.eu-west-2.amazonaws.com/...

MAL-2026-4378 Malicious code in @databus-service-ui/scroll-up-content (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 02414b019347c91f59a506d88dffc19306c7c287936df0d42327ad6b32eb0bf2 scripts/postinstall.js performs two independent attacker-benefit actions when npm install runs. First, it scrapes installer-side secrets — environmen...

Malicious code in @pelmnaads/naads-common-logger (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 68990dfacdc750bf464d646aca4855c2dd23bbefcadef1d9638e2d663a23fc57 The package is published to the public npm registry under @pelmnaads/naads-common-logger with version 19999.0.1 — the canonical dependency-confusion...

MAL-2026-3256 Malicious code in @internal-infra/core-sso-bridge (npm)

Dependency confusion and typosquatting campaign by threat actor "saif777". Packages use inflated version numbers 9999.9999.9999, 9999.9999.10000, 50.50.50, 7.66.5 to win version resolution in environments with private registries. All active packages execute a postinstall hook "node index.js" that...

EUVD-2025-179458

Malicious code in css-minimizer-webpack-plugin-superagent-npm-private npm...

Malicious code in css-minimizer-webpack-plugin-superagent-npm-private (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1ec208a1d158e4c6d43500fa2e73288eb7c5b912b4a3684dfe6633d3d33ce166 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-187465 Malicious code in inflation-hercules-websockets-private (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eaaec8b9b20ef97c9f9d461d93ab5827e3cdadcddac6b093d29437720f7fc415 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-111522

Malicious code in lynx-install-nightmare-private npm...

EUVD-2025-123380

Malicious code in private-semantic-ui-lynx-query npm...

EUVD-2025-124002

Malicious code in orbit-xanthus-apollo-private npm...

EUVD-2025-121522

Malicious code in supervisor-start-janus-private npm...

EUVD-2025-115717

Malicious code in capella-hexo-subscription-private npm...

MAL-2025-139650 Malicious code in atlas-neptune-postcss-private (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3642a23ed879e58d8e6a28ce1fe2b4842279d353ee9f22be6c766e7a10de4b67 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in private-oauth-jsonp-geomorphology (npm)

The package private-oauth-jsonp-geomorphology was found to contain malicious code...

@simplyjoe/private-package (=1.0.1), antra567 (=1.0.0) +1 more potentially affected by unknown CVE via lodashh (=0.0.1-security)

lodashh NPM version =0.0.1-security is affected by a known vulnerability. The following packages have a transitive dependency on lodashh and may be impacted: - @simplyjoe/private-package =1.0.1 - antra567 =1.0.0 - cfn-resolver-lib =1.0.0, =1.0.1 Source cves: unknown CVE Source advisory:...

Malicious code in jh-private-package (npm)

The package jh-private-package was found to contain malicious code...

MAL-2025-23789 Malicious code in jh-private-package (npm)

The package jh-private-package was found to contain malicious code...

MAL-2025-6230 Malicious code in airbnb-private (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 600d55fd3b665720464310cd371ad34de68ce71c922d62c4253b2faa215c0c39 Any computer that has this package installed or running should be considered...