3203 matches found
PT-2026-51434
Name of the Vulnerable Software and Affected Versions AVideo versions prior to 29.0 Description The Authorize.Net webhook handler at 'plugin/AuthorizeNet/webhook.php' contains a signature verification bypass. An attacker can forge webhook requests by providing a valid transaction ID from a small...
MAL-2026-6192 Malicious code in nodepathbalance54 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d5ade836e7f92049242a01dbc0782900900c4e28eb7e08f9d9ebc611aab80762 nodepathbalance54 exports a single function nodeaxionweb whose implementation is hidden inside a hand-rolled stack-based JavaScript VM in index.js...
Malicious code in nodepathbalance54 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d5ade836e7f92049242a01dbc0782900900c4e28eb7e08f9d9ebc611aab80762 nodepathbalance54 exports a single function nodeaxionweb whose implementation is hidden inside a hand-rolled stack-based JavaScript VM in index.js...
Malicious code in twrap-toolkit (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 174cba09d5ec9724bd55871c7f74c27ff8592bf55c06464204e0591667377259 twraptoolkit/init.py defines getpayload which issues a plaintext HTTP request to http://194.5.152.9:8080/hacks/textwrap-toolkit/textwraptoolkit/init....
MAL-2026-5841 Malicious code in twrap-toolkit (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 174cba09d5ec9724bd55871c7f74c27ff8592bf55c06464204e0591667377259 twraptoolkit/init.py defines getpayload which issues a plaintext HTTP request to http://194.5.152.9:8080/hacks/textwrap-toolkit/textwraptoolkit/init....
MAL-2026-5804 Malicious code in flow-lending-sdk (npm)
Continuation of the flow/surf-lending DeFi cred-exfil campaign c1655. Sentinel-9.9.9 depconf squat; preinstall node index.js || true exfils env secrets mnemonic/private-key/blockfrost to raw C2 2.25.140.71:8443/surflending/npm-confusion same C2. Companions bodega-sdk/flowdefi verified identical...
Malicious code in surf-lending (npm)
Sibling of [email protected] campaign C2 path /surflending/. Sentinel-9.9.9 dep-confusion squat; preinstall node index.js || true exfils env secrets mnemonic/key/token/blockfrost to raw C2 2.25.140.71:8443/surflending/npm-confusion. c913 + c252. --- -= Per source details. Do not edit below this...
Fake verification pages are stealing Steam accounts from players
Online gamers should watch out for a convincing scam that aims to steal your Steam account. The scam uses fake FACEIT verification pages that look legitimate, complete with official branding, working links, and what appears to be a real Steam login window. By the time it asks for your password,...
Malicious code in solana-rpc-pool (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 59e128b9efb48222aac63385175a13c182fc4f832f83576eb80f7777f255048c On npm install, the package's postinstall hook runs install.js which performs four independent attacker-benefit actions. 1 Credential theft: it reads...
MAL-2026-5573 Malicious code in solana-rpc-pool (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 59e128b9efb48222aac63385175a13c182fc4f832f83576eb80f7777f255048c On npm install, the package's postinstall hook runs install.js which performs four independent attacker-benefit actions. 1 Credential theft: it reads...
Malicious code in websocket-slot (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c15c40b8371646f167ffa7d5a2ba2c8d0fd454ef7054eeb41807a1a3eda8e7a6 On npm install, this package runs node test.js via scripts.postinstall, which executes the logic in index.js. The postinstall behavior performs three...
Malicious code in v018-axios-cdntest (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 67d30d2c9939173663f8ba1312b2591d2f86c67657bd5eeff59b19187f50b901 Package impersonates axios v0.18.0 index.js carries the genuine axios v0.18.0 | c 2018 by Matt Zabriskie header and sets window.axios=,...
Malicious code in events-runtime (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aac4806dc5c887c91db1f2570abcae5b98d62dfae36bea2ddb9e2449efd62eca Package name and description impersonate the popular events package Node's event emitter for all engines. The vendored events.js adds an undocumented...
MAL-2026-5528 Malicious code in events-runtime (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aac4806dc5c887c91db1f2570abcae5b98d62dfae36bea2ddb9e2449efd62eca Package name and description impersonate the popular events package Node's event emitter for all engines. The vendored events.js adds an undocumented...
Malicious code in coinbase-wallet-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1ab9b05ffef17005997a718b420c7842eaa66c9e8b6586f8f62ccaeeb3d35a4b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious Package
Overview coinbase-wallet-utils is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2026-5499 Malicious code in coinbase-wallet-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1ab9b05ffef17005997a718b420c7842eaa66c9e8b6586f8f62ccaeeb3d35a4b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in exodus-wallet-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 53bf93b626689e980ef2e9c4ba33fd95e81d6a04c665f85908c8cf07b8b36e14 Package name impersonates the Exodus cryptocurrency wallet brand. package.json declares "postinstall": "node src/canary.js", and src/canary.js perfor...
MAL-2026-5443 Malicious code in exodus-wallet-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 53bf93b626689e980ef2e9c4ba33fd95e81d6a04c665f85908c8cf07b8b36e14 Package name impersonates the Exodus cryptocurrency wallet brand. package.json declares "postinstall": "node src/canary.js", and src/canary.js perfor...
Malicious code in exodus-ethereum-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b4e52a42f8980da0a9df361ef772ca31bbdaec85eb3fc7a73dbcfc8b5ca6894a Package name impersonates the Exodus cryptocurrency wallet brand and ships no real functionality src/index.js exports an empty object; package.json...