Cybersecurity Firm TAC Security Hits 10,000 Clients, Enters Top 5 in Global VM & AppSec

New York, New York, April 1st, 2026, CyberNewswire...

CVE-2025-13127

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in TAC Information Services Internal and External Trade Inc. GoldenHorn allows Cross-Site Scripting XSS. This issue affects GoldenHorn: before 4.25.1121.1...

CVE-2025-13127 XSS in TACAS Consulting's GoldenHorn

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in TAC Information Services Internal and External Trade Inc. GoldenHorn allows Cross-Site Scripting XSS. This issue affects GoldenHorn: before 4.25.1121.1...

Malicious code in verify-tac-malasikiu (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 042ff9f899b668756e2f3ecde17cc15b153a50e1f85f622bfe287483d315f9c4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in dajouka-dsas-tac (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4ebed85650ecdfc7071514f1f6c41f7e87866f8df28f2008ddf32ba51cb1e358 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-146375

Malicious code in verify-tac-malasi npm...

EUVD-2025-146370

Malicious code in verify-tac-malasikiu npm...

Malicious code in dajouka-reta-tac (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e9ed8241b5d9e5aa96f02af1ae354f15e04c2c311976c9f48236de8c7477d537 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in verify-tac-malasi (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 45e8d5a87ba7adafdd15a2f5abf2c38e8d385bef18decf14c2a3fcda7fef759e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-146364

Malicious code in verify-tac-mehncal npm...

EUVD-2025-146377

Malicious code in verify-tac-mal npm...

Malicious code in dajouka-degfta-tac (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 54cba6fb937de994df16c2b3c8a392ee604a82f5771d3d832019604170c8c997 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-170447 Malicious code in verify-tac-mehnal (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d9dfe6085d2dc622f40fd183b692cc8ae687903d0e2d59fbcaaf0b78a2243aed This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-154143 Malicious code in dajouka-d-tac (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a66ecdb31630c06e921a1c2a0b14f151865c03c3c958165255441eeb7db42e14 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-170444 Malicious code in verify-tac-malasiu (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2a1c7bb6417c41cbde8f9d3ec78fc412a9c2aed9172367af4de12e3e1ebaca84 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in dajouka-dpdas-tac (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f69bfd7069502a0c27dd86497127b8599699e72354b9757f260219b8a0fd10e2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-170440 Malicious code in verify-tac-malasikiblu (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cf1848278c34558fa344142dbfcdae0b480d5eaf718b48ba095c58444fa0e85d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-146378

Malicious code in verify-tac-busuna npm...

Malicious code in verify-tac-mhnal (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8fe2a5c697bdcbca1d5a2cda9fe4bfba26612659dfbcd1fadce9d3abe655c005 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-146367

Malicious code in verify-tac-mechanical npm...