605 matches found
⚡ Weekly Recap: Hot CVEs, npm Worm Returns, Firefox RCE, M365 Email Raid & More
Hackers aren't kicking down the door anymore. They just use the same tools we use every day — code packages, cloud accounts, email, chat, phones, and "trusted" partners — and turn them against us. One bad download can leak your keys. One weak vendor can expose many customers at once. One guest...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. The package was flagged as malicious during the Sha1-hulud supply chain attack. Although the Sha1-hulud IoCs are not present within the package, the contents of the affected version were removed from the officia...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. The package was flagged as malicious during the Sha1-hulud supply chain attack. Although the Sha1-hulud IoCs are not present within the package, the contents of the affected version were removed from the officia...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. The package was flagged as malicious during the Sha1-hulud supply chain attack. Although the Sha1-hulud IoCs are not present within the package, the contents of the affected version were removed from the officia...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. The package was flagged as malicious during the Sha1-hulud supply chain attack. Although the Sha1-hulud IoCs are not present within the package, the contents of the affected version were removed from the officia...
Malicious code in @lokeswari-satyanarayanan/rn-zustand-expo-template (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 73fe3bd99e2f11ab8bb09a9086c4dca8af56372031492ed11d90f1e32a0e8f53 The package @lokeswari-satyanarayanan/rn-zustand-expo-template was found to contain malicious code. Source: google-open-source-security...
Malicious code in pkg-readme (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bfc479ddf04c9b4dccdd1b190ab6a553b8b70b35dd010db9a2f6facee0990c78 The package pkg-readme was found to contain malicious code. Source: ghsa-malware 1367f46db577db5123a8d208e0f5d172747a39e623e7c33db0a7e240d28f9d2a Any...
Malicious code in @dev-blinq/ui-systems (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9ce530512b608913637db50ce0058d08d5afb8173c8b5968023c9b9665bcde49 The package @dev-blinq/ui-systems was found to contain malicious code. Source: ghsa-malware...
Malicious code in @oku-ui/portal (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d0711033d654f75b42d8959721555bcf5aa5fb766ccc12b6e89c56eef0d8cafd The package @oku-ui/portal was found to contain malicious code. Source: google-open-source-security...
Malicious code in @posthog/heartbeat-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4b0402071ebf395126c5e1e90681622f203d9744eca75a1f2061a6a2d030cdcc The package @posthog/heartbeat-plugin was found to contain malicious code. Source: google-open-source-security...
Malicious code in @voiceflow/runtime (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6a8c6b88ad67d8ceece37df9641f6712f7047aa566957d0937eb3ca99aed10dd The package @voiceflow/runtime was found to contain malicious code. Source: ghsa-malware...
Malicious code in @oku-ui/separator (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 56b737a01a45b68e312a6864869538663927b97e9662c9e4e885d24a464fff51 The package @oku-ui/separator was found to contain malicious code. Source: google-open-source-security...
Malicious code in eslint-config-kinvey-flex-service (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b2a9878339c2f4bb9dd2871f516aa58a93438018366470f0a023f02178420971 The package eslint-config-kinvey-flex-service was found to contain malicious code. Source: ghsa-malware...
Malicious code in @voiceflow/voiceflow-types (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 64870c57f06fc059636a3136cce3f775121952fa37459d740810067378d88c0e The package @voiceflow/voiceflow-types was found to contain malicious code. Source: ghsa-malware...
Malicious code in @pergel/module-graphql (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5ce0c82f79656be99edeef5afbd890a8a5720c0a0e6acbdd2ce273ed8c151c2c The package @pergel/module-graphql was found to contain malicious code. Source: google-open-source-security...
Malicious code in selenium-session-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c213ecffb94ad5db9053c2dcf20681d6fe3a5baa0b8ed42d87e01c7ef930a704 The package selenium-session-client was found to contain malicious code. Source: google-open-source-security...
Malicious code in @oku-ui/alert-dialog (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 824a69f83431a766f681bc72d705ff3b28ae9309898b4ad10979adca148f2276 The package @oku-ui/alert-dialog was found to contain malicious code. Source: google-open-source-security...
Malicious code in @voiceflow/verror (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 81b5a50b0295fd87094117e38841e99bba0c11d47626ee9ced19ea9e7547d08e The package @voiceflow/verror was found to contain malicious code. Source: ghsa-malware...
MAL-2025-191247 Malicious code in @mizzle-dev/orm (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cd528c11fe54881e4913d51e5acc448562c3fc1b7edaae7aa2a40e6b12425f55 The package @mizzle-dev/orm was found to contain malicious code. Source: ghsa-malware c327219099fb121baf202032e61fc1b4881236e892dea9b4aa2b6159f953696...
MAL-2025-191286 Malicious code in @pergel/module-graphql (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5ce0c82f79656be99edeef5afbd890a8a5720c0a0e6acbdd2ce273ed8c151c2c The package @pergel/module-graphql was found to contain malicious code. Source: google-open-source-security...