459 matches found
Malicious Package
Overview search-engine-setup is a malicious package. This package contains malicious code, and its content has been removed from the official package manager. While this package typosquats well-known libraries to impersonate valid open-source ecosystems, there is no connection between those...
Malicious npm Package Stole Files From Claude AI User Directory via GitHub
Cybersecurity researchers have discovered a new malicious package on the npm registry that comes with information stealing capabilities. According to OX Security, the package, named "mouse5212-super-formatter," is designed to upload files from "/mnt/user-data," a dedicated directory used by...
Malicious Package
Overview git-config-sync is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package was linked to a supply chain attack and contained code designed to steal developer secrets, crypto wallets, SSH keys, and cloud...
Malicious Package
Overview env-loader-cli is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package was linked to a supply chain attack and contained code designed to steal developer secrets, crypto wallets, SSH keys, and cloud...
Malicious code in finkrouter (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ff852ad2ff69ee287dd37d79ea134314ffca73772068117b819495250ff401f3 The package ships a single heavily-obfuscated cli.obf.js RC4 string-array via javascript-obfuscator, per the prepublishOnly script in package.json...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
Malicious Package
Overview nicegui is a malicious package. This package contains malicious code designed to steal sensitive credentials and establish remote access. While these packages might attempt to impersonate legitimate organizations and popular open-source libraries, there is no connection between those...
Malicious code in github.com/BufferZoneCorp/go-weather-sdk (Go)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a4e4f74e90479d472a307d311d48214827e21cf93ecf9b0b62ff2cb72adb2c9e This package is a malicious packages part of the Go BufferZoneCorp and RubyGems knot-theory clusters. The packages in this cluster steal...
MAL-2026-3625 Malicious code in github.com/BufferZoneCorp/go-stdlog (Go)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a4e4f74e90479d472a307d311d48214827e21cf93ecf9b0b62ff2cb72adb2c9e This package is a malicious packages part of the Go BufferZoneCorp and RubyGems knot-theory clusters. The packages in this cluster steal...
Malicious code in enhancer (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cefeea627aa1a0cc84aeedff1db0ae88ebf61b233bb9b20fa82b0a5fd0737cbf The distribution is published as enhancer but installs modules under the top-level safety namespace setup.py declares namespacepackages='safety' and...
Malicious code in agentwork-cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 5e1924464368f0c5816ee84e000cc47017f44045140feafbbc9e685d847ed5a5 This package was compromised as part of the "Mini Shai-Hulud is back" worm by the TeamPCP threat actor. The package will steal credentials...
Malicious code in ml-toolkit-ts (npm)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 5e1924464368f0c5816ee84e000cc47017f44045140feafbbc9e685d847ed5a5 This package was compromised as part of the "Mini Shai-Hulud is back" worm by the TeamPCP threat actor. The package will steal credentials...
Malicious code in @mesadev/sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 5e1924464368f0c5816ee84e000cc47017f44045140feafbbc9e685d847ed5a5 This package was compromised as part of the "Mini Shai-Hulud is back" worm by the TeamPCP threat actor. The package will steal credentials...
Malicious code in @draftauth/core (npm)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 5e1924464368f0c5816ee84e000cc47017f44045140feafbbc9e685d847ed5a5 This package was compromised as part of the "Mini Shai-Hulud is back" worm by the TeamPCP threat actor. The package will steal credentials...
MAL-2026-3586 Malicious code in @uipath/vss (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cfeb2de2eaeb02a5d8f7ce7edf48891f2dad988fb8fd5ed5b26e7c7118f3c9cc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3585 Malicious code in @uipath/vertical-solutions-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 76957e857334423d0c1f4100218bb5856183968cc9475481adecdf97eac57796 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @uipath/resources-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 740339e7d1f42f7f163cbe965322c0e9438ae7efd05a29fbd4cc161e6fe5a5f3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3569 Malicious code in @uipath/resourcecatalog-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6cb7666d347d87ddbbd13f929181a8d85ab38a63997fb34b91d420acd09616f8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3562 Malicious code in @uipath/packager-tool-functions (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ecd70af63416c44f0ddb62846ccd313a62afda6fb1664a7cc989789cd983a6cf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @uipath/packager-tool-case (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9ada59d259c9e6d817c3f2381a537459e5920f1869250c0aa9798c64089fbb8a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...