225884 matches found
Malicious code in @chahuadev/junk-sweeper-app (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3d446150767f92344d8d0a699f5879bd746200fb8beb60554408699868f03d51 The package's postinstall script package.json line 10: "postinstall": "node install.js" unconditionally fetches a platform-native executable from...
Malicious code in guan (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2e04a9a658bc7616e72a5edf276dd049e5b697f2492c46929caf2e01fac95d84 The top-level src/guan/init.py unconditionally calls statisticsofguanpackage on every import guan. That function in src/guan/others.py opens a raw TC...
Malicious code in housecallpro (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 6e95d04cb7977b9da45686f61f19767b33fb3e4fd1af5081b1a27acfd9ee9337 The OpenSSF Package Analysis project identified 'housecallpro' @ 1.0.1 npm as malicious. It is considered malicious because: - The package...
Malicious code in @tallyui/storage-sqlite (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2dfe62118fbe292ca123fb157b6fe7d34d5613dcc334553c5cb767636b88ef2b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in ml-toolkit-ts (npm)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 5e1924464368f0c5816ee84e000cc47017f44045140feafbbc9e685d847ed5a5 This package was compromised as part of the "Mini Shai-Hulud is back" worm by the TeamPCP threat actor. The package will steal credentials...
Malicious code in @mesadev/sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 5e1924464368f0c5816ee84e000cc47017f44045140feafbbc9e685d847ed5a5 This package was compromised as part of the "Mini Shai-Hulud is back" worm by the TeamPCP threat actor. The package will steal credentials...
Malicious code in @uipath/vss (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cfeb2de2eaeb02a5d8f7ce7edf48891f2dad988fb8fd5ed5b26e7c7118f3c9cc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @uipath/uipath-python-bridge (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 465b4e4f63672a795258fa84f389a2194ac5052990b98799381806b2cc286069 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @uipath/rpa-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 27baf6f8e722fd9803bff5f0d455ae5867fcf87135864df02a6f269cccf659fe Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @uipath/robot (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bea1fa21506bd8c16e7bfe9374906720288e6a4cae68b5e28299322cadebf60b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @uipath/codedagents-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7321b8eb18854f6e785ee2862e6f977f0e45ab2cfda39b5c05a3ca23a704a15c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @tallyui/connector-shopify (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d106ed4bb3649c216aa7b4a45dec994551171295f9a95aa27ed7e0561664e644 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @mistralai/mistralai-azure (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector af58e099ab615b8869cb741b5604f6becdf1e9d1d7c5ac326f9c4065f5f590f6 The package @mistralai/mistralai-azure was found to contain malicious code. Source: ghsa-malware...
Malicious code in @tallyui/connector-vendure (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0283da4a59287c5418e3485a9a642cfbb9cc387f5e1ab4c120af92199daa0970 The package @tallyui/connector-vendure was found to contain malicious code. Source: ghsa-malware...
Malicious code in @squawk/navaid-data (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 966263f7b58fca4470e282294f432c7c78d25b154b3c6daf6580d2b426a5e004 The package @squawk/navaid-data was found to contain malicious code. Source: ghsa-malware...
Malicious code in @squawk/icao-registry (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3cdcc18fc8342a0ce7e7b2f3751bcb7d6e64c3fe660a9c5836f6d06aac4a4b45 The package @squawk/icao-registry was found to contain malicious code. Source: ghsa-malware...
Malicious code in @squawk/airports (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 01fabaad6adcf6ba78ba71fb750d70c8e3f3a1e524a75a6b8bf8ddc7769ac5b0 The package @squawk/airports was found to contain malicious code. Source: ghsa-malware f8adf8853b03c99d84b919062f8c688b4bfb42f72cc9de33299fe3e3f9a2b9...
Malicious code in @squawk/airways (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a54989a6191f1d94771608b8f3552bda56715631b5a25aa301da35cd1ccd869b The package @squawk/airways was found to contain malicious code. Source: ghsa-malware d2d4644fde6979be241ba839c52ea3532ef3b0b25355b239ade4e1dafd9e272...
Malicious code in @tanstack/router-vite-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 59c369975f931e9f8a4ca499e887c2ec41f7d1dbfcdcb83fa9e6ec9717ea4910 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @squawk/airport-data (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a12035131eafd29a07572751653f857706ac1b113fcbd498a70f54d96d5276cc The package @squawk/airport-data was found to contain malicious code. Source: ghsa-malware...
Malicious code in cross-stitch (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bfe06155444d60d3774a256051b31f6a4814f484f33830cbe61eec7ebe611be6 The package cross-stitch was found to contain malicious code. Source: ghsa-malware 7c23bb77e762be76915e8202d11074aaa122efe0a8a32e403fa00ee8563c9bbe A...
Malicious code in @tanstack/react-start-rsc (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 54678e0e02befdbc43f928e36fa9a25991d3eb222775849d4225eab0480904f1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @tanstack/eslint-plugin-start (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2b955b97c1476120c292ac6f7089a3d876161555205940838c49e6b09abe08e1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in textwrap-ext (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 da4e8d5daae9a14e0ceb5a942afd308068957ec655cdd950b2b041934e9ec182 During installation, obfuscated code exfiltrates cryptocurrency wallet data to a hardcoded location and places a backdoor through a new authorized SSH key...
Malicious code in ggfmttygl (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 e741cc1df48cc526ad3a27ac702f5dea403723557b4a485f84847340310d66e5 Package is disguised as a utility, but in fact loads encrypted code as modules. However, loading it requires knowing the decryption key which is not included i...
Malicious code in python-bittensor-config-v2 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 6f2ecdbc9e024d6dc51c8e5d48941c5aac432db65ad733317aed159d480973cd During installation or import, package silently adds a new authorized SSH key. It's closely related to the 2026-05-ninja-core-utils campaign, but there is no...
Malicious code in textwrap-formatter (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 18da24e92fd40457ad3df2af568c07d41b35f44e6e07e8fac3bf0eafba9c2154 During installation, obfuscated code exfiltrates cryptocurrency wallet data to a hardcoded location and places a backdoor through a new authorized SSH key...
Malicious code in ninja-ssh-proto (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 84f71e430b37d8fe0ee6c72826071159bb146664fe17d9a596f6e611579851f7 During installation or import, package silently adds a new authorized SSH key. It's closely related to the 2026-05-ninja-core-utils campaign, but there is no...
Malicious code in tecken (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2e7ecb06d2778fcefe87592b7fa63b3030929cd86f643ee6b03491bcf77ba4af The package tecken was found to contain malicious code. Source: ossf-package-analysis d4e6037c07125a354ac2958e36321453a0dc6e28dcfe5f3c5749f58c302cb90...
Malicious code in coral-dev-proxy (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 938459f8d0b02585c73f8dedee34a7e499784f290f4c9cabf61706eeda5bbfe1 The package coral-dev-proxy was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in ninja-core-optimizer (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 fbe38f659a9fac5304f648aa594e12123221abd687755378f05b3efe17d6d4c7 During installation, obfuscated code exfiltrates cryptocurrency wallet data to a hardcoded location --- Category: MALICIOUS - The campaign has clearly maliciou...
Malicious code in eth-wallet-kit (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 3b0cce18986ec63fd689844cfc29b4023837d71b35b173a9cb08476c7575fcf2 The code automatically scans the filesystem looking for BIP-39 seed phrases and data indicating private keys, and exfiltrates them --- Category: MALICIOUS - Th...
Malicious code in crypto-bot-utils (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 3ece4ae851dba85751377f47097bd30525eafdcbf8cd08b57d2a06aa3a02b367 The code automatically scans the filesystem looking for BIP-39 seed phrases and data indicating private keys, and exfiltrates them --- Category: MALICIOUS - Th...
Malicious code in web3-tool-sdk (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 9b0a2f82214baa91e572e7e7081cc863c213321d2a1f69cace704ce9b4a33e70 The code automatically scans the filesystem looking for BIP-39 seed phrases and data indicating private keys, and exfiltrates them --- Category: MALICIOUS - Th...
Malicious code in solana-py-sdk (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 410be1fb5add67052173f65435e5dcc6c97d9eda056afa09c612e1afe242be47 The code automatically scans the filesystem looking for BIP-39 seed phrases and data indicating private keys, and exfiltrates them --- Category: MALICIOUS - Th...
Malicious code in eth-toolkit (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 e5895b0a95cf86acc67f21e61b55a0718a073fd06657523b47550532153ed546 The code automatically scans the filesystem looking for BIP-39 seed phrases and data indicating private keys, and exfiltrates them --- Category: MALICIOUS - Th...
Malicious code in crypto-kit-pro (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 b3c7b3526469db1bb04a5875cfcb3a1e41fe3f9c697b6d63e497a15d1177cb1b The code automatically scans the filesystem looking for BIP-39 seed phrases and data indicating private keys, and exfiltrates them --- Category: MALICIOUS - Th...
Malicious code in solana-wallet-sdk (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 fa7ec45d58fb68b5b24d909a387ed8b1abe465a49e96bf2a24b85a65e730fbe9 The code automatically scans the filesystem looking for BIP-39 seed phrases and data indicating private keys, and exfiltrates them --- Category: MALICIOUS - Th...
Malicious code in pycacheopt (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 cf50eae305079227b5283e08547cc201f941624c95e49460c3e6544cdd1e221b The extension module hides code that in specific circumstances executes given code. The malicious action is hidden only in the extension module with the...
Malicious code in crayrandomiz (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 70d147758fe5288bee2adc712e45b7836211b83ce0b209fd42a31e4b3696bbf2 Package exfiltrates screenshots and network information to a hardcoded target. --- Category: MALICIOUS - The campaign has clearly malicious intent, like...
Malicious code in yc-depconf-test-807dff (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 fe18d1e58fe7fbcd1a68dc26d47c9fa27f9678cf4bc50e3aa4ad35b16d0f85ce Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in owa-analytics-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 644a42250298e29b58f2cfe75c1d362637e2c31f1a1ef9b9cfbe5d9ff0475fb8 The package owa-analytics-utils was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in quicklytookerv (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 eeb02e3ddf9f61661d72bac1e244227aa8b6a8a88ab1226a521cc7aa48d5da37 The package silently exfiltrates screenshots and basic data. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...
Malicious code in 24712-pl5006 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d2546cdc76edb1f8a93dcf66c855ca6246bb0d4ed76c72a7fd3c1aec44f34761 The package 24712-pl5006 was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in @paysafe-tracking/error-monitoring (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9c2acf9c4e0793663b7ca39f1c5c5a4646e8cecb488863494d904cdce97e01df The package @paysafe-tracking/error-monitoring was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in seek-pass (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector df5ea10e9459dff09eeff2b45d93b1ffa2458c8b38b7625850b5f2564e3d000f The package seek-pass was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in @montanatonytest/app.web (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ae7604e0d0f1f42d621917113451c0b0583f2c74d4bbe59d92db2cf68101c674 The package @montanatonytest/app.web was found to contain malicious code. Source: ghsa-malware...
Malicious code in paypal-payouts-bridge (npm)
Malicious npm package published by the microsop threat actor as part of a dependency-confusion campaign that impersonates internal tooling at Microsoft, Google Cloud, and PayPal using inflated semver values e.g. 99.9.x, 100.1.x to win npm resolution against private internal packages. All packages...
Malicious code in ally-eagw-identity (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ff7fd23c87f0bda1a252db34a582c096198352537407625b535d7d0acb00e82d The package ally-eagw-identity was found to contain malicious code. Source: ghsa-malware...
Malicious code in ally-ccapi (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b70ba9950b3624a3cb0afb844592910fe317569f314fd6681870857d638b1cfc The package ally-ccapi was found to contain malicious code. Source: ghsa-malware c3a850b3a4466c4cc00dee663a54c3bcc8a23c9c74e5e01a9b14f27b616d9934 Any...