13 matches found
CVE-2025-59141
simple-swizzle swizzles function arguments. On 8 September 2025, the npm publishing account for simple-swizzle was taken over after a phishing attack. Version 0.2.3 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect...
GHSA-9G9J-RGGX-7FMG [email protected] contains malware after npm account takeover
Impact On 8 September 2025, the npm publishing account for simple-swizzle was taken over after a phishing attack. Version 0.2.3 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker'...
[email protected] contains malware after npm account takeover
Impact On 8 September 2025, the npm publishing account for simple-swizzle was taken over after a phishing attack. Version 0.2.3 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker'...
CVE-2025-59141
simple-swizzle swizzles function arguments. On 8 September 2025, the npm publishing account for simple-swizzle was taken over after a phishing attack. Version 0.2.3 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package version contains malicious code that monitors network traffic when run in a browser and targets crypto transactions. The injected malicious code activates a hook whenever a Web3 wallet is present...
CVE-2025-59141 [email protected] contains malware after npm account takeover
simple-swizzle swizzles function arguments. On 8 September 2025, the npm publishing account for simple-swizzle was taken over after a phishing attack. Version 0.2.3 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect...
CVE-2025-59141 [email protected] contains malware after npm account takeover
simple-swizzle swizzles function arguments. On 8 September 2025, the npm publishing account for simple-swizzle was taken over after a phishing attack. Version 0.2.3 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect...
CVE-2025-59141
CVE-2025-59141 concerns the Node.js package simple-swizzle. An account takeover via phishing led to a malicious 0.2.3 release that, when used in browser contexts (e.g., direct script tags or bundlers), attempts to redirect cryptocurrency transactions to attacker-controlled addresses. Local/server...
simple-swizzle 安全漏洞
simple-swizzle is a codebase by Josh Junon Personal Developer. A security vulnerability exists in version 0.2.3 of simple-swizzle that stems from a phishing attack resulting in account takeover and implanted malware that may redirect cryptocurrency transactions...
Malicious code in simple-swizzle (npm)
The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 052372c7c31f98ff69d0c555f9b8438dac12a292fa6e1f63d4b6160d6a8376c6 Any computer that has this package installed or running should be considered fully compromised. All...
@dasha.ai/cli (>=0.7.0 <=0.8.0), @dasha.ai/sdk (>=0.11.9 <=0.13.0) +4 more potentially affected by CVE-2025-59141 via simple-swizzle (>=0.1.0 <=0.2.2)
simple-swizzle NPM version =0.1.0, =0.7.0, =0.11.9, =0.13.0 - agcim =0.0.1 - astro =5.13.6 - color-string =1.0.0 - geoscene =1.0.0 Source cves: CVE-2025-59141 Source advisory: OSV:MAL-2025-46978...
MAL-2025-46978 Malicious code in simple-swizzle (npm)
The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 052372c7c31f98ff69d0c555f9b8438dac12a292fa6e1f63d4b6160d6a8376c6 Any computer that has this package installed or running should be considered fully compromised. All...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package version contains malicious code that monitors network traffic when run in a browser and targets crypto transactions. The injected malicious code activates a hook whenever a Web3 wallet is present...