3 matches found
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...
Malicious code in mad-nut-beligoli (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b7fb809b4793aa087e08c279bca8aca8e098b35265912ec35a96525daeaea7e4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in gita-sambel30-sumpek (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8d5a7ef273702c7fe57141a668111f85dbe5f862b5985248dc76582ae494ca55 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...