462 matches found
MAL-2025-47230 Malicious code in yoo-styles (npm)
Suspicious postinstall script executing bundle.js and YARA rule unsignedbitwisemathexcess match strongly suggests malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9b064ef82c07e5538a3269d44de4c6750b224f665f808a5099715143c8be21e4 Any computer that h...
Malicious code in @operato/styles (npm)
Suspicious postinstall script executing bundle.js and unsignedbitwisemathexcess YARA rule match indicates malicious behavior. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f85f761f5ad599532a97a4c4c64bea4910004e56178cd4081fefb3b113ed8d6d Any computer that has this...
MAL-2025-47220 Malicious code in @operato/styles (npm)
Suspicious postinstall script executing bundle.js and unsignedbitwisemathexcess YARA rule match indicates malicious behavior. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f85f761f5ad599532a97a4c4c64bea4910004e56178cd4081fefb3b113ed8d6d Any computer that has this...
@crowdstrike/ember-toucan-styles (=3.0.1) potentially affected by unknown CVE via ember-browser-services (=5.0.1)
ember-browser-services NPM version =5.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on ember-browser-services and may be impacted: - @crowdstrike/ember-toucan-styles =3.0.1 Source cves: unknown CVE Source advisory: SNYK:JS-EMBERBROWSERSERVICES-12744...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...
@crowdstrike/ember-toucan-styles (>=3.0.0 <=3.0.1) potentially affected by unknown CVE via @crowdstrike/tailwind-toucan-base (=5.0.0)
@crowdstrike/tailwind-toucan-base NPM version =5.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on @crowdstrike/tailwind-toucan-base and may be impacted: - @crowdstrike/ember-toucan-styles =3.0.0, =3.0.1 Source cves: unknown CVE Source advisory:...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...
When Dependencies Turn Dangerous: Responding to the NPM Supply Chain Attack
On September 8, 2025, attackers compromised a set of 18 widely used npm packages —including chalk, debug, ansi-styles, and strip-ansi—collectively downloaded over 2.6 billion times per week. Through a targeted phishing campaign against a maintainer, the attackers published malicious versions...
Linux Distros Unpatched Vulnerability : CVE-2010-3822
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, accesses an uninitialized pointer during...
Malicious code in ansi-styles (npm)
The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f82dc187071d265457effc48cb50c7ac209143e5da1a502a633a1c35b88aac67 Any computer that has this package installed or running should be considered fully compromised. All...
MAL-2025-46967 Malicious code in ansi-styles (npm)
The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f82dc187071d265457effc48cb50c7ac209143e5da1a502a633a1c35b88aac67 Any computer that has this package installed or running should be considered fully compromised. All...
npm Packages With 2 Billion Weekly Downloads Hacked in Major Attack
Aikido Security flagged the largest npm attack ever recorded, with 18 packages like chalk, debug, and ansi-styles hacked…...
When saving a page to PDF, certain font styles could have led to a potential use-after-free crash. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
...
Malicious code in node-ms-styles (npm)
The package node-ms-styles was found to contain malicious code...
MAL-2025-42039 Malicious code in node-ms-styles (npm)
The package node-ms-styles was found to contain malicious code...
Linux Distros Unpatched Vulnerability : CVE-2021-26271
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific...
Malicious code in eb-styles (npm)
The package eb-styles was found to contain malicious code...
Malicious code in common-styles (npm)
The package common-styles was found to contain malicious code...
Malicious code in base-styles (npm)
The package base-styles was found to contain malicious code...
Malicious code in botframework-webchat-styles (npm)
The package botframework-webchat-styles was found to contain malicious code. --- -= Per source details. Do not edit below this line.=-...