Malicious code in @anchor-ds/core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9aaac3fbc20e4d10a4fcf379fa4637f05e1dccd9fb6123bdd9b0e26ce5e21854 The package @anchor-ds/core was found to contain malicious code...

Malicious code in testcatplzignore (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in rafka-rb (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in freshworks-ruby (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in doctolib (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in suficloud (PyPI)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in prometheus-quicker-analysis (PyPI)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in prometheus-fast-analysis (PyPI)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in elleuchdhsolvepwn (PyPI)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in bigmathix (PyPI)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in bsure.utils (NuGet)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in avvio.sky.userdataservice (NuGet)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in 3rugfbe8rivferiuv (NuGet)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in pino-logger-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d5c908d1d5a0d2a6a517ef1aa6e7ab5b7ddc8644dc39730c2629f0226a69121a The package pino-logger-utils was found to contain malicious code. Source: ghsa-malware...

Malicious code in ember-power-calendar-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 55191162c66f85fd90f4c2bb6354b569a7ab7cdc6a380289defcc8be784ed434 The package ember-power-calendar-utils was found to contain malicious code. Source: ghsa-malware...

Malicious code in graphlib-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6fc5e5e2ae1439a28be92e99758c3253bf2bd09a568712a5d0725553b4836eaf The package graphlib-js was found to contain malicious code. Source: ghsa-malware 375768659fc55b18acf652226fabd9052c10c4f88d36f150317532bc8661df13 An...

Malicious code in codeshouhu (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: oracle-using-macaron 4d37163d3341d79548bd0fd94d62539579ed5f7ba2e48c1810b8d4e20c964c1c This package runs a malicious payload when it is imported...

Malicious code in transform-dynamic-import (npm)

The package 'transform-dynamic-import' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

Malicious code in yoshi-base (npm)

The package 'yoshi-base' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server npm.jpartifacts.com...

Malicious code in transform-minify-booleans (npm)

The package 'transform-minify-booleans' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

Malicious code in syntax-exponentiation-operator (npm)

The package 'syntax-exponentiation-operator' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

Malicious code in syntax-export-extensions (npm)

The package 'syntax-export-extensions' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

Malicious code in @storylane/uikit (npm)

The package '@storylane/uikit' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

Malicious code in transform-jsbi-to-bigint (npm)

The package 'transform-jsbi-to-bigint' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

Malicious code in twitch.dashboard-v2.core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 637dc1fe27ba94d42da29869618ddc561c6dece34d9b0cbfc0061919e77de510 The package twitch.dashboard-v2.core was found to contain malicious code. Source: ghsa-malware...

Malicious code in @lux2/ssr-catalogue-sfcc (npm)

Package collects system info, exfiltrates data to a suspicious IP, executes shell commands, and uses pre/postinstall scripts. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b625e0932d70166d526fb8fa4993c8c448699203e795ad308cfe52cd784b28ff The package...

Malicious code in spectral-corsair-my-backdoor (npm)

Malicious package detected. Suspicious preinstall script exfiltrates data to a remote server. Multiple YARA rules and LLM analysis confirm. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0826a28f7948e68cdddd6260a01c3653a7f04deb2c9368054243ed47713ee353 The packa...

Malicious code in bign.ts (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a025c6f6e0ba133f66c24e9d46df60c1b78c7d79803fdfe7f0c7c4a4e4564528 The package bign.ts was found to contain malicious code. Source: ghsa-malware e8f7bbc689d348ea3844e77989dc0dc5bc44ed380ea464ca671e8e3ea8dda1d2 Any...

Malicious code in anontest123 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f4d47757d3ee2d0dde7ed82934a06bf64343c344a7b090cf77f05dcd73f813a5 Installing the package starts a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...

Malicious code in iron-menu-behavior (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4c995f11c44e1f5cd41f7a3c63d4070a2d738168a7fcc5a61f8f9e8ddbd6f00c The package iron-menu-behavior was found to contain malicious code. Source: ghsa-malware...

Malicious code in requests-lite (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d343c918303c251cdef262a6e1cbdff6ae797cf56115a81cfa5449732395b63b Clone of a legitimate requests library. The hidden code runs when using the requests functionality and starts a Telegram bot awaiting for remote commands. ---...

Malicious code in chat-xdk (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e1f6d17089af4d8a0d8ab4b5ab9398a250b54d8d605c178080a7f275a6ab4687 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in hostlists-plugins-default (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 21b72625bb74661ae95d3317fe4384105bb6dd6d026b049f84a192aeeeeae9df Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in python-requirements (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 40fa77c47c3649fce85f601f8aa10bf13674e5db4a2d35f125cb48b77d65f99d The package clones a legitimate webdavclient3 library and modifies it to be an installer utility. During installation, the package exfiltrates the current...

Malicious code in pdfjs-dist-fourth (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fcaf355459e8baaef860a557036e51431e6eb6c44dcba0e800579cf978f2f64d The package pdfjs-dist-fourth was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in pear-apps-utils-avatar-initials (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 097265e259265c0fcc8e4d53ebb4bfcdc33404ce2fc818308f0f1097d90de3d4 The package pear-apps-utils-avatar-initials was found to contain malicious code. Source: ghsa-malware...

Malicious code in pear-apps-utils-date (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 65df5bee974b55dfd58d5816e480664604e9d8b3bf6a7c27c22b92aefeaca124 The package pear-apps-utils-date was found to contain malicious code. Source: ghsa-malware...

Malicious code in pearpass-lib-ui-theme-provider (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1ea77827543a6a72312b98aefe294d7f17ef926c74ebd096bb12a0de3a894b7f The package pearpass-lib-ui-theme-provider was found to contain malicious code. Source: ghsa-malware...

Malicious code in gaia-marionette (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 81308c35c4cad5bf3f87f791133f9aff53485b715060135829785be1d33b2e1d The package gaia-marionette was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in polmarket (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 11f6a7f9b6e3b1841c2ab98dd4f2b65abf89d0ff9632d58fe14a1b2b9f5ac846 The package polmarket was found to contain malicious code. Source: ghsa-malware be6a87de77c124ff75dbce268ef62ae226ca99de2026d5178d14f6b38ba0888b Any...

Malicious code in whop-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 943bd287cb6375798fdee15ba33f85737201ea9934952ee5d1f2a2336e8cd65c The package whop-sdk was found to contain malicious code. Source: ghsa-malware 4c3e9ca78194532c222b978afd00f7bb4be1ca1ba6cd442e1892d17ee6e67ccc Any...

Malicious code in chai-as-proofed (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2f83db1fa5312f0e34beebb192fb972f2d0e88650b49945571b438d27156de06 The package chai-as-proofed was found to contain malicious code. Source: ghsa-malware b69ea2b92d530f84e379af75eaaefcf70c71f603a5bb307eb7e658b4b290db8...

Malicious code in turbo-json-parser (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a239b53ed6cbc1e72aac660afa08204b9de36dae39068c30cf175ddd390b4fd1 The package turbo-json-parser was found to contain malicious code. Source: ghsa-malware...

Malicious code in tailwindcss-forms-component (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 66a402948dc389c4a201ac4271a843d78a5131d377a3904fe178b51c6aef5adb The package tailwindcss-forms-component was found to contain malicious code. Source: ghsa-malware...

Malicious code in tailwindcss-forms-componentes (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0825512b6509f2725c98e651bd2d86e9fd2fa6e488f9ee33a7cdcfbf30b1a73e The package tailwindcss-forms-componentes was found to contain malicious code. Source: ghsa-malware...

Malicious code in bmath (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b73a3f9e6d238ce5727a57fc31cba103d7e055670b067f001099b8f0c487519b The package bmath was found to contain malicious code. Source: ghsa-malware c3d39abb57e51336f455810ef3c907094fe6636bd1c6acf046edfa02720968d6 Any...

Malicious code in demo-ip-package-cm (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 756fbc97ea8b65830898805513bede65c955e6ae300a4d19574e984d17615b37 The package demo-ip-package-cm was found to contain malicious code. Source: ghsa-malware...

Malicious code in flycord (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f477b30e27717915d1f5a29429d03c3ca68513e4c2b8faef87404ee2dd399324 The package flycord was found to contain malicious code. Source: ghsa-malware 2a8f9b1be8c669768e145dc79e2d5345b794d5b06f8e1b87a1371efce3339395 Any...

Malicious code in @twilio-client/twilio-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d655ae7b2eb263b5d3c630c72182a60a7012272acc57f1816eb73fd1c9119a97 The package @twilio-client/twilio-client was found to contain malicious code. Source: ghsa-malware...

Malicious code in @bookings.microsoft.com/s (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aa10e8f4ab4580d4d9aedaee9a9e0c036b3248364f0680727df6871025d7e2f9 The package @bookings.microsoft.com/s was found to contain malicious code. Source: ghsa-malware...