Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that hides inside binary executable files triggered by a postinstall script. IronWorm is a sophisticated, Rust-based infostealer that functions as a self-replicating supply-chain attack. Its primary characteristi...
Malicious code in @antv/g-plugin-webgl-device (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
MAL-2026-4021 Malicious code in @antv/gpt-vis-ssr (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
MAL-2026-3854 Malicious code in @antv/ava-react (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
MAL-2026-4145 Malicious code in lint-md-cli (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
MAL-2026-3956 Malicious code in @antv/g-plugin-webgl-renderer (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
MAL-2026-3932 Malicious code in @antv/g-plugin-a11y (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
MAL-2026-3762 Malicious code in exxpress-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 378e423b00c08a371fbae1c77360685d2277e502e9875caa53fb20f58a39f396 The package name exxpress-tool is a one-character edit of the widely-used express package. On npm install, the declared scripts.postinstall runs...
MAL-2026-2480 Malicious code in strapi-plugin-nordica-vhost (npm)
strapi-plugin-nordica-vhost is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network...
PT-2026-7971
Ivanti EPM vulnerabilities are just 'sus' - remote attackers can steal secrets in CVE-2026-1604 updated. ivanti epm cybersecurity vulnerabilities https://t.co/mWhvL25Pqz...
⚡ Weekly Recap: Hot CVEs, npm Worm Returns, Firefox RCE, M365 Email Raid & More
Hackers aren't kicking down the door anymore. They just use the same tools we use every day — code packages, cloud accounts, email, chat, phones, and "trusted" partners — and turn them against us. One bad download can leak your keys. One weak vendor can expose many customers at once. One guest...
Malicious code in @dev-blinq/cucumber_client (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector db4a451970465311f6a1d2b9ac8b4713f2f4ff114aa37c12dd0daff6032c8ab6 The package @dev-blinq/cucumber_client was found to contain malicious code. Source: ghsa-malware...
MAL-2025-191099 Malicious code in fuzzy-finder (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ebe54886101432e7b0f5fad8d751ca5493bfe6f8e067ab2010ef1a8aaa4cf435 The package fuzzy-finder was found to contain malicious code. Source: ghsa-malware b064e69feb20e776021d6962b2b92236a4dbe803610364feb603e47595cc2473 A...
MAL-2025-190772 Malicious code in eslint-config-zeallat-base (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b28fe7c28614bd60fe323d92db35df502ed3c1c9076a708815031e1a78311c6e The package eslint-config-zeallat-base was found to contain malicious code. Source: ghsa-malware...
MAL-2025-190723 Malicious code in @ensdomains/ccip-read-dns-gateway (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7ddc155befe014da7ce46a7c122655187ecfb495a9af39726b73de5be9ad4f8c The package @ensdomains/ccip-read-dns-gateway was found to contain malicious code. Source: ghsa-malware...
Malicious code in @js-to-lua/fast-follow-commands (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware df9453e1ee97636a2ab1a62d9eed556436a2d9c1cd5a551571468cbe3d4e4d93 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
PT-2025-11994
Name of the Vulnerable Software and Affected Versions LangChain Core affected versions not specified Description A serious flaw exists in LangChain Core that allows attackers to steal secrets through serialization injection. This impacts applications utilizing LangChain’s serialization features...
PT-2024-5028 · Unknown +2 · Jumpserver +2
Name of the Vulnerable Software and Affected Versions: JumpServer versions prior to 3.10.12 JumpServer versions prior to 4.0.0 Description: The issue is related to the JumpServer Privileged Access Management PAM tool, which provides secure access to various endpoints through a web browser. An...
CVE-2024-36677
The CVE-2024-36677 affects Weblir’s PrestaShop module Login as customer PRO (versions