2 matches found
MAL-2026-3924 Malicious code in @antv/g-mobile (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
MAL-2026-3543 Malicious code in @uipath/docsai-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2df6b51f1b5589ef118d9b34d60200e0355bd43fe0ee8cd461f222b6a7f0bcbc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...