Malicious code in @link-assistant/hive-mind (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7dfeaad3a9eda8f440dabe165d4ff6ba593c9858b9752d9bded19b05b292072a The package fetches https://unpkg.com/use-m/use.js — an unpinned URL that resolves to the latest published version of the third-party use-m package —...

175 Malicious npm Packages with 26,000 Downloads Used in Credential Phishing Campaign

Cybersecurity researchers have flagged a new set of 175 malicious packages on the npm registry that have been used to facilitate credential harvesting attacks as part of an unusual campaign. The packages have been collectively downloaded 26,000 times, acting as an infrastructure for a widespread...

MAL-2022-696 Malicious code in @unpkg-semver/pedops-logger (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e7b5459fd755d4527552fb55fb90015ab04eee1a1afd2678656b04c0ea32ec19 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-697 Malicious code in @unpkg-semver/wix-recorder (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 910f14b4935796b6ad35693ca2a4f0c5d3c04eefe4ebd6da1e7b75cfc03fb1fe Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...