58 matches found
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code linked to the "Miasma" supply chain attack targeting the @redhat-cloud-services npm namespace. A malicious actor compromised the publication pipeline and published versions containing malicious code that includes...
Multiple Node.js Modules compromised in self-spreading npm supply chain attack (mini-Shai-Hulud) (05/11/2026)
The remote host has a version of one or more Node.js modules installed known to be compromised in the self-spreading 'mini-Shai-Hulud' npm supply chain attack reported on 05/11/2026. This wave is tracked separately from the original Shai-Hulud campaign because of distinct compromised maintainers...
MAL-2026-2208 Malicious code in @emilgroup/setting-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 679e8996c56ffd334a5fd610afb087430e91e54ef7371e70ba8ce6170b3b9cf9 The package @emilgroup/setting-sdk was found to contain malicious code. Source: google-open-source-security...
Malicious code in @emilgroup/numbergenerator-sdk-node (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fb683bd2b58170dd475a632d83ded202109e3d58609bbc2952c83baa19c6f3b3 The package @emilgroup/numbergenerator-sdk-node was found to contain malicious code. Source: google-open-source-security...
Malicious code in @virtahealth/substrate-root (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c8348bbc19210fd9962510b31c4e08572ba739767bd183a4c867071a9a5f9d18 The package @virtahealth/substrate-root was found to contain malicious code. Source: google-open-source-security...
MAL-2026-2203 Malicious code in @emilgroup/discount-sdk-node (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 98b66c2b21da822102c367293fd9acc95e864afb9bb8ddebcb3ac0d49ccf583e The package @emilgroup/discount-sdk-node was found to contain malicious code. Source: google-open-source-security...
Malicious code in @emilgroup/partner-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6b0abde6a2a005b2c63f18e87169a3b47ddfe6fb943ad82a005e1d3d3a8e5887 The package @emilgroup/partner-sdk was found to contain malicious code. Source: google-open-source-security...
Trivy Supply Chain Attack Triggers Self-Spreading CanisterWorm Across 47 npm Packages
The threat actors behind the supply chain attack targeting the popular Trivy scanner are suspected to be conducting follow-on attacks that have led to the compromise of a large number of npm packages with a previously undocumented self-propagating worm dubbed CanisterWorm. The name is a reference...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...