US Agencies Face CISA Deadline Over Critical Cisco SD-WAN Flaw

US agencies race to meet a CISA deadline after a critical Cisco SD-WAN Flaw exposed federal networks to long-term intrusion and forced security action...

MAL-2025-47189 Malicious code in middleware-loggers (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 572eeb4389dd6da0c13648478c40f302f15e7736279e3b33d171a315a2cac60d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-6219 Malicious code in react-international-phone-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 55dc391aa3ec3a479f332033f4ed1c9804c98935cd8ec931e830a8f44a9b790f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-6175 Malicious code in kiwi-module-seo-featured (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8c24e834cb597541f0c8dcba8a3ce294a90caaefaec74f82d2e208a5b590581f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-6143 Malicious code in @verge-vcl-react/empty-state (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4c6dc68e47c23f02d70ee699a86368034f0b827a80dcacb93619ac71261e500d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-6004 Malicious code in winston-compose (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 981347a4b88ce00ab42b1a3f93b56d89cf28282070c617325e304221c6ce4882 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-5892 Malicious code in apple-keto-acv-gummies (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3431204b738da9726bd553e79f2bdb59fcc81bbb87b633b959947a1d24675da7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-5800 Malicious code in tyrtle (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a6e13a7780a46e82cf53e4515084323c593dd81279f30c4010258429cb0beaba Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-5796 Malicious code in sqltools-kusto-driver (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0b4f7793f8ffb915758717bd05607ceb0b5f0d1525a564240e518e4191985f95 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-5719 Malicious code in product_card_grid (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7cff91597e126b61f1bb6911119a35d329959dadbfee0c086ccd4c7d79bf2ca7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-5715 Malicious code in pbr-client (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4933f0eae305db421cd46414b1773fb97338c6966af0abd06e1232ffe4c4c96f Any computer that has this package installed or running should be considered...

MAL-2025-5621 Malicious code in on-off-ramp-demo (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2b6976f60e83349939cda55fa116d6f3df6d085aea3969653b767ba47863deff Any computer that has this package installed or running should be considered...

MAL-2025-5541 Malicious code in azure-sentinel (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 37e43a68053a45c1fcdea9e752fd9c13f6906e780ab5b8ff5436b3f1b5533d18 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-5495 Malicious code in dtable-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4325bcefb1ef8dd7bf39cc694fc039f034e9a3811c8af4e36099a9d2bb375318 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-5448 Malicious code in online-learning-ui (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 853a4095a2f08a67260f3c2220bc45ef9484b10db0a4f909560bf36485cb54cf Any computer that has this package installed or running should be considered...

MAL-2025-4922 Malicious code in ac-ajax (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6104c32d3a2365656156e83b9d2484fa03258db82702dc5c8e772a97ee067968 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-4929 Malicious code in thisisatestllll (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2feaf463b5dc4c05046c75b03a21ba4672af2d3b4af04f3b80dc7bd9768179d4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-4830 Malicious code in fyre-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8e82542784f34a2534dd1dd5917f6740c32611b9f154b5ef6a18a62a2934667f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-4704 Malicious code in stake-config (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 505bc2ea5f7bcdaeafd338ab86be15a36425335f5d45c1b2d5d03d43068ab07f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-4532 Malicious code in midd-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9dd0235b84c32b991facdc8454fcad039a9ad0d52cdc8f5d4a6c3504657c7fa6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...