2 matches found
Embedded Malicious Package
Overview @xene/core is a malicious package. through the preinstall and postinstall scripts. A potentially compromised account operating in Toptal's GitHub organization exposed an AWS token, leading to the account being taken over. This allowed the attackers to expose private repositories, delete...
MAL-2025-6069 Malicious code in @xene/core (npm)
The package communicates with a domain associated with malicious activity...