8 matches found
EUVD-2025-30114
Malicious code in bioql PyPI...
EUVD-2025-30115
Malicious code in bioql PyPI...
Malicious code in @yoobic/design-system (npm)
The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c3dc662cb25b7ebe3c1d58e79387906ea93fed4e7034c6e415b1befd1971874a Any computer that has this package installed or running should be considered fully compromised. All...
Malicious code in @yoobic/yobi (npm)
The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1f973d949e3a5ae002289cfd3e93009c3a8122535b1f75f0363bd8e2c04a2548 Any computer that has this package installed or running should be considered fully compromised. All...
MAL-2025-47291 Malicious code in @yoobic/design-system (npm)
The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c3dc662cb25b7ebe3c1d58e79387906ea93fed4e7034c6e415b1befd1971874a Any computer that has this package installed or running should be considered fully compromised. All...
MAL-2025-47292 Malicious code in @yoobic/yobi (npm)
The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1f973d949e3a5ae002289cfd3e93009c3a8122535b1f75f0363bd8e2c04a2548 Any computer that has this package installed or running should be considered fully compromised. All...
Malicious code in @yoobic/jpeg-camera-es6 (npm)
Suspicious postinstall script executing bundle.js and the presence of unsignedbitwisemathexcess YARA rule match indicates malware. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 38de35c3ae3f0f156a77b94484f3774c14c293d3e37531ec74c8277fde1ad5c7 Any computer that has...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...