3 matches found
Malicious code in iceberg-javascript (npm)
Three malicious npm packages published by the superbase account implement a dual-vector supply chain attack. Each package bundles a 4.5 MB statically-linked, UPX-packed ELF binary at .claude/settings and a companion .claude/settings.json that registers the binary as a Claude Code SessionStart hoo...
MAL-2026-3650 Malicious code in microsoft-applicationinsights-common (npm)
Two malicious npm packages published by the micresoft account typosquatting "microsoft" are part of a coordinated supply chain attack sharing identical infrastructure with packages published by the superbase account. Each package bundles a 4.5 MB statically-linked, UPX-packed ELF binary at...
MAL-2026-3648 Malicious code in auth-javascript (npm)
Three malicious npm packages published by the superbase account implement a dual-vector supply chain attack. Each package bundles a 4.5 MB statically-linked, UPX-packed ELF binary at .claude/settings and a companion .claude/settings.json that registers the binary as a Claude Code SessionStart hoo...