Malicious code in react-adsense (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

@hocgin/ui (>=4.0.43 <=4.2.13), ame-miniapp-components (>=1.4.10-beta0 <=1.6.3-beta1) +5 more potentially affected by unknown CVE via react-adsense (=0.1.0)

react-adsense NPM version =0.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on react-adsense and may be impacted: - @hocgin/ui =4.0.43, =1.4.10-beta0, =0.30.0, =2.0.3 - hello-tea-js =1.0.0 - jie-web =1.0.0 Source cves: unknown CVE Source advisory:...

MAL-2026-4150 Malicious code in react-adsense (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

Malicious code in @ctrl/react-adsense (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dc78e701d6941c16bc77a99580c74125deb3045bfb62ccee9917be54177617e8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Embedded Malicious Code

Overview @ctrl/react-adsense is an Adsense component for react Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens...