10 matches found
Malicious code in strapi-plugin-blurhash (npm)
strapi-plugin-blurhash is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network topolog...
MAL-2025-191443 Malicious code in uniswap-test-sdk-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fe6b79cd83b108da1a067e001b5ee8a12f6b2b75ef559b4fca893dc2029eb1b6 The package uniswap-test-sdk-core was found to contain malicious code. Source: ghsa-malware...
MAL-2025-190937 Malicious code in undefsafe-typed (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 71757e5cdef13d215b8506dfd5b00831fc29a7a24e208472c79fd40c2abe7967 The package undefsafe-typed was found to contain malicious code. Source: ghsa-malware 1a19664890dd6d9bba23c333e1095114841ef498dec4eaa02c1bff38bc80aa4...
MAL-2025-190800 Malicious code in @asyncapi/php-template (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 81619d0ddfa1696b71c550ba94be4ddbdaed53aaef37376f8024945422da51b5 The package @asyncapi/php-template was found to contain malicious code. Source: ghsa-malware...
MAL-2025-190666 Malicious code in @ensdomains/content-hash (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 39aeb9f2a2d9a8ee1c57695456c8af6657d069eaee694ef7f8c128bb292bfabd The package @ensdomains/content-hash was found to contain malicious code. Source: ghsa-malware...
MAL-2025-190649 Malicious code in posthog-react-native-session-replay (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2487b6f3e3f9f2ef47f2509033fe071b332f5035e1e01320482eea928ae8a120 The package posthog-react-native-session-replay was found to contain malicious code. Source: ghsa-malware...
MAL-2025-47355 Malicious code in ts-imports (npm)
The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware eccb885c4d87f75ef3479173055a689c6b90773619272c8ccf891bd342a7128b Any computer that has this package installed or running should be considered fully compromised. All...
MAL-2025-47273 Malicious code in @teselagen/file-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7da1a31ac60a5206e526134aa3bb58f83fa6e2d32f66cacf06f26a91de3b71f3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in b2b-canaisdigitais (npm)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 4dc971b04d6b1823268396807c41d808cc18fd8c2b2094b5c9ee6fb342083172 Malicious packages campaign since 2021 targeting developers, steals source code and secrets Source: ghsa-malware...
Malicious code in samuelpoctester (npm)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 1f7b2e15c0c93b4a5ee61dc9bede38e31e95af4885247c9d4c30d4846d2d67ed Malicious packages campaign since 2021 targeting developers, steals source code and secrets Source: ghsa-malware...