16 matches found
EUVD-2025-30123
Malicious code in bioql PyPI...
EUVD-2025-30124
Malicious code in bioql PyPI...
EUVD-2025-30095
Malicious code in bioql PyPI...
MAL-2025-47282 Malicious code in @things-factory/attachment-base (npm)
The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b2fbc742d9dac7f03e5dbac839d5f3d41c70ac7040a8a34a0a7d8164066154b2 Any computer that has this package installed or running should be considered fully compromised. All...
Malicious code in @things-factory/shell (npm)
The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2ebd494f09184269de61b62501f8b32bfc56c353807f7e7356cecc35c5ab1346 Any computer that has this package installed or running should be considered fully compromised. All...
Malicious code in @things-factory/attachment-base (npm)
The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b2fbc742d9dac7f03e5dbac839d5f3d41c70ac7040a8a34a0a7d8164066154b2 Any computer that has this package installed or running should be considered fully compromised. All...
MAL-2025-47392 Malicious code in @things-factory/shell (npm)
The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2ebd494f09184269de61b62501f8b32bfc56c353807f7e7356cecc35c5ab1346 Any computer that has this package installed or running should be considered fully compromised. All...
Malicious code in @things-factory/auth-base (npm)
The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware db891d17c83cd814d4976534e1ff8e7675f41f0c50baedecafab80bcdf4156fb Any computer that has this package installed or running should be considered fully compromised. All...
MAL-2025-47283 Malicious code in @things-factory/auth-base (npm)
The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware db891d17c83cd814d4976534e1ff8e7675f41f0c50baedecafab80bcdf4156fb Any computer that has this package installed or running should be considered fully compromised. All...
MAL-2025-47224 Malicious code in @things-factory/integration-marketplace (npm)
Suspicious postinstall script executing bundle.js and YARA rule match on bundle.js suggests malicious behavior. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 707cb5e2a466e8a099c5ffaaf71fd576d658e67702737dd3dfef8dc62127aa8f Any computer that has this package...
Malicious code in @things-factory/env (npm)
Suspicious postinstall script executing bundle.js and YARA rule match on bundle.js indicate potential malicious behavior. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 88b8463d9fb16ac5faed1cd122997c683cc79534786bcf816139cefc13897168 Any computer that has this...
MAL-2025-47222 Malicious code in @things-factory/env (npm)
Suspicious postinstall script executing bundle.js and YARA rule match on bundle.js indicate potential malicious behavior. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 88b8463d9fb16ac5faed1cd122997c683cc79534786bcf816139cefc13897168 Any computer that has this...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...