Lucene search
K

5 matches found

OSV
OSV
added 2026/06/09 7:55 a.m.9 views

MAL-2026-5354 Malicious code in defi-tools-39 (npm)

Crypto/SSH/wallet stealer, blockchain-helper-0 campaign sibling c960+, byte-identical to swap-sdk-87. postinstall auto-execs, src/index.js harvests /.ssh keys + Sol/Eth/BTC/Tron/Sui/Aptos wallets + .env + seeds, self-labels "CRYPTO STEALER", exfils to SAME Telegram bot 8227918239 chat 6433587894...

5.6AI score
Exploits0References2
OSV
OSV
added 2026/06/09 7:55 a.m.10 views

MAL-2026-5359 Malicious code in swap-sdk-87 (npm)

Crypto/SSH/wallet stealer, blockchain-helper-0 campaign sibling c960+. postinstall auto-execs, src/index.js harvests /.ssh keys + Sol/Eth/BTC/Tron/Sui/Aptos wallets + .env + seeds, self-labels "CRYPTO STEALER", exfils to SAME Telegram bot 8227918239 chat 6433587894 not rotated. Inflated version...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/20 6:24 p.m.13 views

Malicious code in ethers-wallet-package (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c6dae6dc459fa2ef437e532af4b27b6c50360a40cdb9d91563d25a48bae88cec Package name impersonates the official @ethersproject/wallet, and package.json spoofs the ethers.js maintainer identity author 'Richard Moore '. The...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/20 2:40 a.m.13 views

Malicious code in ethers-wallet-packages (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector beda1480a40189cc8177ace4e3d6fd9773ad81f4cbe5a6c07e3004427846dc8d The package impersonates the legitimate @ethersproject/wallet source files are otherwise verbatim copies, including the internal version string...

5.8AI score
Exploits0References2
Malwarebytes
Malwarebytes
added 2026/03/02 8:59 a.m.9 views

Purchase order attachment isn’t a PDF. It’s phishing for your password

An attachment named New PO 500PCS.pdf.hTM, posing as a purchase order in PDF form, turned out to be something entirely different: a credential-harvesting web page that quietly sent passwords and IP/location data straight to a Telegram bot controlled by an attacker. Imagine you’re in accounts...

6AI score
Exploits0
Rows per page
Query Builder