Malicious code in @antv/my-f2-pc (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

Malicious code in @antv/gi-assets-neo4j (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

MAL-2026-3600 Malicious code in @mesadev/sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 5e1924464368f0c5816ee84e000cc47017f44045140feafbbc9e685d847ed5a5 This package was compromised as part of the "Mini Shai-Hulud is back" worm by the TeamPCP threat actor. The package will steal credentials...

MAL-2026-3607 Malicious code in guardrails-ai (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 5e1924464368f0c5816ee84e000cc47017f44045140feafbbc9e685d847ed5a5 This package was compromised as part of the "Mini Shai-Hulud is back" worm by the TeamPCP threat actor. The package will steal credentials...

MAL-2026-3603 Malicious code in @tallyui/core (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 5e1924464368f0c5816ee84e000cc47017f44045140feafbbc9e685d847ed5a5 This package was compromised as part of the "Mini Shai-Hulud is back" worm by the TeamPCP threat actor. The package will steal credentials...

MAL-2026-3539 Malicious code in @uipath/codedapp-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 82a4dcd41442fccefd9cd7692dbc1dc3e82b0fcef90097d498991d8f09e7528b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Astaroth Banking Trojan Targets Brazilians via WhatsApp Messages

Researchers at Acronis have discovered a new campaign called Boto Cor-de-Rosa, where the Astaroth banking malware spreads like a worm through WhatsApp Web to steal contact lists and banking credentials...

Microsoft Pushes Azure Users to Patch Linux Systems

Microsoft is warning customers that some Azure installations are vulnerable to a recently-disclosed critical Linux Exim mail server flaw that is under active attack. The warning comes after a widespread worm campaign was disclosed on Friday, targeting a flaw in the Exim mail transport agent MTA,...