3 matches found
MAL-2026-4155 Malicious code in timeago-react (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
@0xsequence/checkout (>=0.0.0-20250314205219 <=5.2.4), @0xsequence/kit-checkout (>=0.0.0-20250305153405 <=4.6.6-beta.0) +210 more potentially affected by unknown CVE via timeago-react (>=3.0.2 <=3.0.7)
timeago-react NPM version =3.0.2, =0.0.0-20250314205219, =0.0.0-20250305153405, =1.0.0, =1.0.0, =0.5.4, =1.0.1, =2.0.10, =0.25.0, =0.23.0, =0.0.1, =1.0.7, =1.1.6 and more Source cves: unknown CVE Source advisory: OSV:MAL-2026-4155...
Malicious code in timeago-react (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...