225884 matches found
Malicious code in bytedclaw (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 222fec842fbce5c57d9ab98166abc5a0b555076048a153f00dd34b7a1ceec072 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in axis-abc-portal-menu (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 84dbd03fbc7970d1f3fc987743f698a9ea6a0af44ea2b89d0f2c1cbaa397f933 The package axis-abc-portal-menu was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in elementary-data (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 96dc65f67f54411d3de6b23a33a8f73665e2703d7261b7f1720cdc089c528eea Versions 0.23.3 were compromised. A threat actor exploited a vulnerability in the CI workflows to inject code and establish, likely, a reverse shell in the CI...
Malicious code in next-rwa (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b11e0d18d15210fc1b53ccc943f01bd8f2d6873d4dd2586d535336fb14de6662 The package next-rwa was found to contain malicious code. Source: ghsa-malware 7f7d55fa4afccd86d6cbe53d7ad7643039f7e0bc251a0cb9b149708720c87639 Any...
Malicious code in lyroxcoder (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 0aa87cfde7d0b832cd24067a43e94d812a4f5ce64541e219fb6aa6b7388939ab Heavy obfuscate code for extracting further obfuscate binaries and executing them using file less techniques. Some versions contain the executable embedded,...
Malicious code in vime-azl (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a86b8ee643a9ac9cb7529c19293e56a1ccefe33d616c0459e90c364f529a55d2 The package vime-azl was found to contain malicious code. Source: ghsa-malware d7731c972c51221a2f0a582c0f7d25c9054e45942accb77b36d8a170074c8ade Any...
Malicious code in @bmg-web/bmg-collapse (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6fac63a733e9add336ae6a3fa8cf87b72abbe29bb1efeb397b54dd35f2875fcd The package @bmg-web/bmg-collapse was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in tsdoc-build-rig (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fa9483578294aa1f05417210a36c0840de9fe1104aa1c36c6cad6f0ac4fe4760 The package tsdoc-build-rig was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in claudcode-cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d1de8369f09912bb8724607f94c599ad3fcecfa78fa46e76985acbc600ad8791 The package claudcode-cli was found to contain malicious code. Source: ghsa-malware 6bdf49fafb69e5edbe0ee4aecb34c6d65f28e0dd917b228142fd71e6db486971...
Malicious code in krdfonts (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a15ce04475542747dedb873a3b01d84d049ca808da879da611089e66db7e434e The package krdfonts was found to contain malicious code. Source: ghsa-malware 4e5c97aa939f62290759af39ce8ffae53746a8b7e48e2f72e8972573fede14b6 Any...
Malicious code in @source-row/source-container (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ef1f8f064936d70cf38ce81e5a991bd0514ea059213b17683bf77edfb8cba45b The package @source-row/source-container was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in buildkite-test-collector-cypress-example (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1c10094969be88bd9f1aa924abf89c5dc58dd70e107adf3c95a3f58c0ba86518 The package buildkite-test-collector-cypress-example was found to contain malicious code...
Malicious code in @the-coca-cola-company/receipt-scanner-admin-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 046b5475599d30f293f2eeb7ab9fce35c44cd678ab2cecde2c96e588a170d822 The package @the-coca-cola-company/receipt-scanner-admin-lib was found to contain malicious code...
Malicious code in chai-beta (npm)
chai-beta is a malicious npm package that when imported downloads a C2 dropper from https://jsonkeeper.com/b/XRGF3 and executes it similar to malware in to chai-await-test. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...
Malicious code in @pes-ui/components (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3c86f728ffc679c2767dd34f810c998e9e7fa49098d757ee8a3ba6b050f1754f The package @pes-ui/components was found to contain malicious code. Source: ghsa-malware...
Malicious code in @dtc-campaign-wizard/campaign-wizard (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 99f551e16bdd57ec65154ddd0b1ebe5a701abe98d86f25490fb3c36b19e9fa41 The package @dtc-campaign-wizard/campaign-wizard was found to contain malicious code. Source: ghsa-malware...
Malicious code in robase-installer (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 1edd96cface7dcae9f445d94982ffc19a27e557fae7030e77e6e5646dfdd5c98 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
Malicious code in sjs-biginteger (npm)
sjs-biginteger typosquats big.js on npm. Published April 7, 2026 by throwaway account vanes.s.p.orit.a, the package ships legitimate big.js source and hides its payload in a dependency: sjs-lint-build1. On install, the dependency’s postinstall hook fetches the attacker’s SSH public key from a C2...
Malicious code in chess-sec-ssrf1 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 25205345915fdf089bcbd90b35f9e852c02281bd7452805479d18c610063ac52 The package chess-sec-ssrf1 was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in admin0911 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 131de816e8ec55ce8cba8760646cd38392aa5d5c64d74ca83d6331ce81dc92c7 The package admin0911 was found to contain malicious code. Source: ghsa-malware 3b8dd74b10ddf8f43854df0999878fec4cffe7ec1e4d42e136602be00468a54c Any...
Malicious code in strapi-plugin-guardarian-ext (npm)
strapi-plugin-guardarian-ext is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network...
Malicious code in strapi-plugin-api (npm)
strapi-plugin-api is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network topology. It...
Malicious code in strapi-plugin-seed (npm)
strapi-plugin-seed is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network topology. I...
Malicious code in expreeeess (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f655863438463b445574f12a5195c9635704e2158556ae437ee3a71c2e083d6b The package expreeeess was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in 4xperss (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6de1a8af1dbe21de2e06785a6a5e41a438f356fe440c8b121b808975ef95f5fe The package 4xperss was found to contain malicious code. Source: ossf-package-analysis d8cb27dbe58e29571ce6b777903222af9497b79676e8301021d03f159c5d77...
Malicious code in base58-engine (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3507af35455908a5b982b470adae215c0ee155a68cbe2a6a59a1f3b6bd98f342 The package base58-engine was found to contain malicious code. Source: ghsa-malware 9f811caacac31851267205cb855bc06a1a39a198f98d9510f12e27dfba097f83...
Malicious code in @c8o/nimbus-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8225c79aa127203c225df747705db370e11cfae184af100a063b2dfa4eb20eb8 The package @c8o/nimbus-core was found to contain malicious code. Source: ghsa-malware 23fd3197db4264e7b8ef6d65380e017c5b205b46a8e732df586feffcf3c7c7...
Malicious code in coredxloader (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 b26408ee7735357c61e0a81e60620000999ef84eba419797b20858e5ce5b4a62 During importing, code starts a malicious script performing exfiltration of sensitive data and credentials from e.g. browsers and Discord clients to a remote...
Malicious code in jsonify-builder (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b16e04dbb8a655525d1dcc95902eacad5b738ac61852151526e1e0a95447a3f0 The package jsonify-builder was found to contain malicious code. Source: ghsa-malware 4f4842e5bf9d324a472ef06cb8dc42b177eee930c375c76176e9a67f032d05f...
Malicious code in allergan (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b647cee7f2efba83a3acb7f2a6216150570618d386d85a162caf08b4fabaeb1d The package allergan was found to contain malicious code. Source: ghsa-malware 39db4e96e2f99167f5914eb406fd2fe8d3adab2598b4872dbe5f0e228cad37e7 Any...
Malicious code in chai-patch (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0b7a1b00f9cf8ff93aebfbb318e0f4da8d56a985a1eca3c305142e708dc6fc55 The package chai-patch was found to contain malicious code. Source: ghsa-malware a5b659f5744d677c50cb63bc98f750071b3db390e25b81a553debdff48ffac6a Any...
Malicious code in @rexxtheproject/elaina-libsignal (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7b062d07817c63636edc363a279fdad6c40a72e116a3abd59aba0e30854f059a The package @rexxtheproject/elaina-libsignal was found to contain malicious code. Source: ghsa-malware...
Malicious code in @rexxtheproject/keyed-db (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aa8d0778ab610c5b6e2320997c2427bf9e6295b93fe16ae478096953c1de9b34 The package @rexxtheproject/keyed-db was found to contain malicious code. Source: ghsa-malware...
Malicious code in chai-as-chain (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9bcf6b93b6186112457361f81d21c00830bf0c48c75763de88d97f1b075944cf The package chai-as-chain was found to contain malicious code. Source: ghsa-malware 1d06397b7e66c2a8ecf1542a1f7d18b0f5a87d08a276dc88f77b1f8b2d818d47...
Malicious code in path-external (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 83954c990d9e7dddb109dea7f9ed24bc8ded6b95da0ed050b43e7486675fc67c The package path-external was found to contain malicious code. Source: ghsa-malware 28650e14b5d9d8ba8bb4df91ca765c3e40d62074928911571fbdbc9af91c4e2d...
Malicious code in mattermost-data-warehouse (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 50f2483a1650869326d4fddf7bf66bc1dc6e6d614300cf8b41577595ded48165 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in corexloader (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 02fc84ddadc717cbd2dc073832c3c9e438f82d2671927fa79be959fea7031304 During importing, code starts a malicious script performing exfiltration of sensitive data and credentials from e.g. browsers and Discord clients to a remote...
Malicious code in ssr-catalogue-sfcc (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3ffd2663232d7c5508f63c063736d09a7c1fdfefe9783f5941c9214f687df7fb The package ssr-catalogue-sfcc was found to contain malicious code...
Malicious code in node-multer (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6fd13a20e1e6edfd702b510f8205a60c9826a214ac27b04e1c6b48dee5f74d76 The package node-multer was found to contain malicious code...
Malicious code in loadshh (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c1d004f6eea15c013bd06ee8a4dd18dff1443aacb9ced1b110a7d05f59bc5438 The package loadshh was found to contain malicious code...
Malicious code in env-express-cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c836e2eb4b78603e8fa096a1eb11b7b3b9e49a91bcfe0b82be74b1bdd1c58a03 The package env-express-cli was found to contain malicious code...
Malicious code in env-express (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 641ecb34e7cfa3af77893add29d18b3c9c1e2b95012ff76c775a7bd8ca97ea4b The package env-express was found to contain malicious code...
Malicious code in react-tailwindcss-style (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5602af4bd6e54460627a64eb9632c4f1ec0e8604d523b76c272346a2f599cb99 The package react-tailwindcss-style was found to contain malicious code. Source: ghsa-malware...
Malicious code in pulse-shop-section (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9973ec50205f8457c7d27feb3e60011e3fe79d4e0d1b7cbeaa30bc38e98e9d95 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @airtm/uuid-base32 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5843013e1c89122451c17ec535f73c4e36dc3596c32522dd9b03bbb68637c4f3 The package @airtm/uuid-base32 was found to contain malicious code. Source: ghsa-malware...
Malicious code in @emilgroup/partner-sdk-node (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 021998bae85c5300a2c6e776ee80893de174f4216d701951b4742fd3eff21d85 The package @emilgroup/partner-sdk-node was found to contain malicious code. Source: ghsa-malware...
Malicious code in jest-preset-ppf (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 865aa42f02036b04e6245ec53b1fd2e49bc7f3954c195abec4127acf04dfa260 The package jest-preset-ppf was found to contain malicious code. Source: ghsa-malware 84c3c8fd0d6db555bb09e8ddd8668f525a4de9ad2486ecf4ef835f158a7565d...
Malicious code in @emilgroup/billing-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 91fdd5297b7532183f2b29871b23802ced24b046c92f2826618bc083dd243620 The package @emilgroup/billing-sdk was found to contain malicious code. Source: ghsa-malware...
Malicious code in react-leaflet-cluster-layer (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b0518fae392cbcd2e3f43b08af24b6736a313bcc053d67bfece2c36c7e609373 The package react-leaflet-cluster-layer was found to contain malicious code. Source: ghsa-malware...
Malicious code in @emilgroup/account-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0c31c8b6deb277deb631be4e0ce8b07d6896462492574a9e5b25041a9b0b6424 The package @emilgroup/account-sdk was found to contain malicious code. Source: ghsa-malware...