MAL-2026-3757 Malicious code in claw-subagent-service (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 36657c2be433b784c573082d364304325acccf033f70df17dbfe104b0173ccbe claw-subagent-service installs itself as a privileged auto-starting system service Windows service via post-install.js svc.install, with documented...

MAL-2026-2452 Malicious code in strapi-plugin-blurhash (npm)

strapi-plugin-blurhash is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network topolog...