2 matches found
MAL-2026-5283 Malicious code in okite (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3cc7d54b0e30e24367551e3f19ab7387cf397cf9e1b5889c9f04ff871c771c38 The package installs okite-setup.pth, which Python auto-loads on every interpreter start. The.pth file contains a one-line obfuscated exec of a strin...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...