Lucene search
K

8 matches found

OSV
OSV
added 2026/05/19 12:0 a.m.9 views

MAL-2026-3953 Malicious code in @antv/g-plugin-svg-picker (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

5.8AI score
Exploits0References4
Wiz blog
Wiz blog
added 2026/03/30 11:54 p.m.7 views

Tracking TeamPCP: Investigating Post-Compromise Attacks Seen in the Wild

How TeamPCP are leveraging stolen secrets from the recent supply chain attacks to compromise cloud environments...

5.9AI score
Exploits0
OSV
OSV
added 2024/09/02 1:42 a.m.5 views

MAL-2024-8624 Malicious code in @diotoborg/sed-minus-itaque (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware eb45b582e8b298a507adb803923ffc28de729355d030dc4867e691f38f1f941f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSV
OSV
added 2023/05/13 12:0 a.m.9 views

MAL-2023-167 Malicious code in cfa-styleguide (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 5562a6cb1d5f239216be52c28e8d316e8ffe0f490d11978863202a6fcfcbe8bc Malicious packages campaign since 2021 targeting developers, steals source code and secrets Source: ghsa-malware...

7.4AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2022/06/21 12:0 a.m.3 views

Malicious code in omm-frontend (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 9b77b7e73dde625c8bf9d9f21a73f6fd520dbb22c846db32bf17cfdd324c3da9 Malicious packages campaign since 2021 targeting developers, steals source code and secrets Source: ghsa-malware...

7.1AI score
Exploits0References2
OSV
OSV
added 2022/06/20 8:21 p.m.9 views

MAL-2022-6978 Malicious code in vscode-stripe (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d1d0c32db564ed63889f6b2cbab203b6f3cf1d7b3a76bdc5c32e8637ba4e8a62 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSV
OSV
added 2022/06/20 8:19 p.m.9 views

MAL-2022-4872 Malicious code in noblox.js-promises (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ef88a053d29099e2f11a2382e0f0c51f729ec1e0574088753c633ed9a9e8f722 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
ThreatPost
ThreatPost
added 2016/12/12 10:38 a.m.14 views

German Industrial Giant Victim of Cyber Espionage

German industrial conglomerate ThyssenKrupp disclosed last week that technical trade secrets were stolen in a cyberattack that dates back to February. Adversaries, ThyssenKrupp said, engaged in “organized, highly professional hacker activities” and launched their attack from the Southeast Asian...

1.2AI score
Exploits0References4
Rows per page
Query Builder