Malicious code in perfkitbenchmarker (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 0983513b915ec02c736c073b1af861f5ff6b1e62bf2074b42a33e8d5fa16bb46 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in mcp-transport-proto (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a40306e4035df29c739d5073ccb341685275d5cebba588b7014898229752e11f Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in uipathisfun (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4128340804464a33ae1b20bb39d652bf1c658b63490cd97d45df609dabfd8f3f The package uipathisfun was found to contain malicious code. Source: ghsa-malware 5056a460c4d2ea98b9bc0090e9f7e81637ed9860f3b4befb1e8ab11df2248c73 An...

Malicious code in chai-as-chayn (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 37e4fe08f70ebcaf1ebc9988e7ad2694a3b9708734e8623adcf930d1803bb72a The package chai-as-chayn was found to contain malicious code. Source: ghsa-malware 57e4b17532a62987684bdd644c433a1aa7c4955324bb06eb3c6f7ed702fa0ed3...

Malicious code in xyzttt (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5bf8be86e9fbf67b0bd783470b31f222a90f7723388dac7deb1b168e658cf45e The package xyzttt was found to contain malicious code. Source: ghsa-malware f9a2092cb0041e877889c537a1e182d10e0fd642e2bcdb26daa6e8e8a2f7077a Any...

Malicious code in cryptopapi (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8115fdc278d0fa50691d9381670d65784c4e58c7350c6f039f4cc48900003832 The package cryptopapi was found to contain malicious code. Source: ghsa-malware 36add754a3a299e4d93abe760b631b4a294d017297d11825b1fc1e2363030172 Any...

Malicious code in trex-proxy-browser-extension-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9eb36a59a719cff949c203a03a41c54b637bb1974bdea728b1bc15e837a7db45 The package trex-proxy-browser-extension-sdk was found to contain malicious code. Source: ghsa-malware...

Malicious code in react-native-country-select (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 769c13bead812dac05aaece43d165b10a7574c48a0a030b703e022325f736380 The package react-native-country-select was found to contain malicious code. Source: ghsa-malware...

Malicious code in jsonify-parser (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2ef3f7d9cb714309502cac987c904c29a8eda1fda1fcd8f5fffabfa339a64369 The package jsonify-parser was found to contain malicious code. Source: ghsa-malware 4d17ffa1ebe907cee2cc4cf5fd22ab76acd112213237bcac49b62b06a002c1cb...

Malicious code in whatnot-web (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4e7124b844cb92c573d57e94d1060a58445a82d03984c430e1632807fda9d227 The package whatnot-web was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in whatnot-manifests (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2f0504ddd24de9ec3870bb8fc657436f5a61e3f6327f0e044bc380bfe3479d40 The package whatnot-manifests was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in tscom-geo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1ac03439d7de860a9ae4215787b0a541834ac38155dd596d163607099107197f The package tscom-geo was found to contain malicious code...

Malicious code in test-bugbounty-package-9 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d1f7339bb0bc55d33f83cf6bc6b2aed69072dc0de2c1fb416de6d8b67816e858 The package test-bugbounty-package-9 was found to contain malicious code...

Malicious code in technical-assignment (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7bb4466031b35e68c6b2433674215383e95538391f583e01c1800c758a61c53b The package technical-assignment was found to contain malicious code...

Malicious code in stnsxmp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6f71046374980b35d68230cf391bf580cd1ce68017bf6ac6373b72b01b9d9b67 The package stnsxmp was found to contain malicious code...

Malicious code in ssf-desktop-api-electron (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 49396220b88ccf03b280b2ccbf09f84a3c871d1877ca7db06fd0e3fb78221305 The package ssf-desktop-api-electron was found to contain malicious code...

Malicious code in soft-nav (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1fcb60176234c23b5621ba75433f01363353d1663b1c03a19192296dd09fd913 The package soft-nav was found to contain malicious code...

Malicious code in skyoauth2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 10c8093f2acd2eeb615402cc142718c4e4ca3d82e4121cd316da58869ba595a2 The package skyoauth2 was found to contain malicious code...

Malicious code in signalk-poc-bug (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cf69e2f2bf99c9fcd93e12139a947e034130e9f90b30def5cf03d008c3f40330 The package signalk-poc-bug was found to contain malicious code...

Malicious code in rabbitmq-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b5fd48bd646ad6b2f173f479170d732395513c048f0c0f6148205c0e1d08f864 The package rabbitmq-sdk was found to contain malicious code...

Malicious code in proleis-web-gallery (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9085cc1fa561c63217713c781ed745f8e6d4c34e5997413299b06aa2d6047dc1 The package proleis-web-gallery was found to contain malicious code...

Malicious code in proleis-rest-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 85952294cce10a5f7f25e077525b1d985ea33ce37974d44535fc894f5fcec749 The package proleis-rest-client was found to contain malicious code...

Malicious code in postcss-hotfix (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b5b4d8ad8f9c133d2d8680b4d666d442b455bbd1579dea5cd5582a883fc4f0b5 The package postcss-hotfix was found to contain malicious code...

Malicious code in portal-lime (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a61d5bfbd22f203a4a68f3329504312a967221d510ce7ceed02c663b0de8e002 The package portal-lime was found to contain malicious code...

Malicious code in player-common-controls (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1aef58425992286c8ee1bba6bb26ba161a52a852bb7ed8a6087e737b91d02e8b The package player-common-controls was found to contain malicious code...

Malicious code in browser-compat-data (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 601776b12bb397ecad770ec5b29505afb8704042ffdb079640eb6f0f1903edab The package browser-compat-data was found to contain malicious code...

Malicious code in blob-internal-security-test-f63eabf7 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e74309111e07d1757fef6d6a253d000339f2215e3166990d4e64964d4ec3d803 The package blob-internal-security-test-f63eabf7 was found to contain malicious code...

Malicious code in @f5rest/odata-v4-server (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 34696bd2c7207574311745e28bb00c41c683bef6c9843edc69042a47081df10b The package @f5rest/odata-v4-server was found to contain malicious code...

Malicious code in @emerald-react/list (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d707dc47045118b38bef53f89d010f853a17c3b55df650c27f8afd361e4ad13e The package @emerald-react/list was found to contain malicious code...

Malicious code in @bingads-webui-cc-react/edit-primary-contact (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d8db2de62135603996e4dfafbfd49878df32f1d35291bd473c636cef7b7303f6 The package @bingads-webui-cc-react/edit-primary-contact was found to contain malicious code...

Malicious code in @at-point/valiant-widgets-v2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 87532b33037ce0d72b75f2ca654c5b66bf97048b3d1226ca6bdb396af6670c4a The package @at-point/valiant-widgets-v2 was found to contain malicious code...

Malicious code in rails_structured_logging (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in kaleido (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in prometheus-quick-analysis (PyPI)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in aitrade (PyPI)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in test6789.latest (NuGet)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in stripeapi.net (NuGet)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in transform-es2015-parameters (npm)

The package 'transform-es2015-parameters' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

Malicious code in transform-new-target (npm)

The package 'transform-new-target' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

Malicious code in minify-mangle-names (npm)

The package 'minify-mangle-names' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

Malicious code in typescript-validation-schema (npm)

The package 'typescript-validation-schema' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

Malicious code in todo-plz (npm)

The package 'todo-plz' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server npm.jpartifacts.com...

Malicious code in styled-components-a11y (npm)

The package 'styled-components-a11y' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

Malicious code in developit (npm)

The package 'developit' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server npm.jpartifacts.com...

Malicious code in tailwind-mainanimation (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 64236873269f6da90599a0e0136ce22979e4bbfd8103cf4850e42c1179ae6cb5 The package tailwind-mainanimation was found to contain malicious code. Source: ghsa-malware...

Malicious code in pulsard-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5088b269cb089b9b077cf5a13f9b00cbb8d01375276ce1e2f1c99fc7154a46be The package pulsard-utils was found to contain malicious code. Source: ghsa-malware ff1030d82dfca7d7403806e0bd8ba645d25cddd141cb5480664a6555f2d441d7...

Malicious code in tailwindcss-animation-advanced (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6ce5cca16e60f9958f552f1a26e24d39638ac246580074b3125b8867e9769f3b The package tailwindcss-animation-advanced was found to contain malicious code. Source: ghsa-malware...

Malicious code in @depro-tech/cortana-md (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0ab02cdce682fe76e6709fc00a3df615b366f38ed30270f635ddca7b122275fc The package @depro-tech/cortana-md was found to contain malicious code. Source: ghsa-malware...

Malicious code in odds-analyzer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3fd711f9267e0e1bd3dc42ff98c117a939f5ffa947f11c5fd3d9aea4bc8a47c1 The package odds-analyzer was found to contain malicious code. Source: ghsa-malware 90239f2eeaa13b5a4c00596bcd6f549ab3948f0b1421e246ce67a7bfa30248d6...

Malicious code in remjsonparse (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e478d1e016f1d6d6d1cb4a9d23ac45449c22d99aa8e71c88d2f38fae8951f23f During import, package starts advanced compromise actions: exfiltrates AWS and git credentials, commands history, security tools in use. After that, the code...