225917 matches found
Malicious code in update-db (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9b606e43d802d06fa7b5d14f020e7727886462320dd05dca09c16887b15d5a37 The package update-db was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in update-browserslist (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8c4a878cc9c9ebf1f260c89d735fe37a0a802bdb61300bc93f018d2e3a8af520 The package update-browserslist was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in browserslist-db (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f700f90f8bd70ca869ddaf27285327f5a926c28ac9d80cd5c8cad3ac25bb25ab The package browserslist-db was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in common-roles (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f602ee3e4db38c8befaab761a5f06c83f1a48c33822478a3ae25e315fcd337a2 The package common-roles was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in renderkitcore (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 a66bf58bff553ec613604164eb60adcb89fcde468491b746838a6e2c18b0e3a0 Package is prepared to exfiltrate .log and .txt files to the target already associated with exfiltrating sensitive data. --- Category: MALICIOUS - The campaign...
Malicious code in funkratov-renderkit (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 78b5f3b4a8756df49b4a5eb41647e9dd20328da005f95869f81447355e2f7880 Package is prepared to exfiltrate .log and .txt files to the target already associated with exfiltrating sensitive data. --- Category: MALICIOUS - The campaign...
Malicious code in chalk-fancy (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 b86a641eb2b6239d8a88849df88a1a148fa5380e3c8767dc59915edb295ef5b3 When used, package exfiltrates sensitive environmental variable. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers...
Malicious code in pycryptcore (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 3337f9433143a04e30ce5881c7786f787cc882c983ed5e68b22f60fd79f2a0dd Typosquatting package that automatically exfiltrates files to a Telegram channel on importing. --- Category: MALICIOUS - The campaign has clearly malicious...
Malicious code in graphicsctxr (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 10408decaf8cace14b8124fa392ee96996c3c91358cb454cbfcd45790d18cdf9 Package contains code to exfiltrate .env to a remote target. Prior to version 2.1.1, it also created a persistent backdoor via embedding a hardcoded SSH key...
Malicious code in apple-internal-security-library-v99 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f44267d5128f9ac2c62938b60bfa45264207a0010c41c97082c72246a3a7a248 The package apple-internal-security-library-v99 was found to contain malicious code. Source: ghsa-malware...
Malicious code in path-internal-util (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aaba59a63a7a6f3dfc734a55082dff17dbf357f41b2a09ef0c87f73d046088e1 On require, path.js executes an IIFE that calls loadTokenData, which fetches a base64-obfuscated URL decoding to https://www.jsonkeeper.com/b/CWOV9,...
Malicious code in path-addon (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ba1a7df799b6bd11bd036f1cfb1de6b1dfe0e4e72082be1b8a60537a59e5ae58 path-addon impersonates the Node.js core path module package name path-addon, README claims to be 'an exact copy of the NodeJS path module'. The body...
Malicious code in gweb-build-system (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e936ec36e6d3de012d7e5815e450c5339f9e297b8b605bb7ccc64a441fd0d5ef The package gweb-build-system was found to contain malicious code. Source: ghsa-malware...
Malicious code in bxiucnxcb (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 136aa3924314879404ede1d7153b71b042b3fa55468f0aa1c534e6a18b79e37c During import, the package automatically downloads and executes code that first acts as an infostealer and then starts code acting as a RAT. It connects with a...
Malicious code in currentclock (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 d1c91399e9fe0c5525eac175fb302553dfca29a3cea2f469e7c9be512629e71c During import, the package automatically downloads and executes code that first acts as an infostealer and then starts code acting as a RAT. It connects with a...
Malicious code in renderctx (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 7c668f58ae62e49c301d2e437e96818f41e221768509cfb4cf80b9800b5adf5a Packages in this campaign are used to exfiltrate data from users installing code from prepared Github repositories. Packages contain code to exfiltrate files...
Malicious code in service-gateway (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e0624202d6a746245b4be59c683dc5b0ca64a43bc9524db9388f9f0a7be45d57 The package service-gateway was found to contain malicious code. Source: ghsa-malware 0e3831827037ebf97303c3c075e47b0e1ece3d2c6b38ca75aa2b3d1f7d0a2f0...
Malicious code in intercom-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 31f6931321619f69c7d1da208b4dffb8162d8ef83b0c9ee16539a8d8620ccbcc The package intercom-client was found to contain malicious code. Source: ghsa-malware 2d01b1077a26ddef79a7421bd98e7e2e9dd6a8d2447f41c2cfe3fb5e35f9631...
Malicious code in doisomgcxog (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 78d6a043bbe150c65e0a3e7e56c69f1ff32171b70a684d512c87a2bfe0baf0b5 During import, the package automatically downloads and executes code that first acts as an infostealer and then starts code acting as a RAT. It connects with a...
Malicious code in buffparser (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 5cc891132b1216e9093bcdd4581373dc7f750f700c82347c28bd1dff079261d8 Described as a utility for gaming, the code starts a reverse shell when using the exposed alledegdly parsing function. --- Category: MALICIOUS - The campaign h...
Malicious code in eslint-plugin-skyscanner-dates (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0fa3152c92c23ebec42990f14c77642de971e5a5464b0e7c25ecdea012ac81e4 The package eslint-plugin-skyscanner-dates was found to contain malicious code. Source: ghsa-malware...
Malicious code in lightning (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 703ac419d775488be137d7e01517d768da0b5581ab63338fb9523f2289f2b92c Versions 2.6.2, 2.6.3 were compromised. Compromised versions contain injected code that starts automatically during importing the module, downloads legitimate...
Malicious code in sirens-lament (npm)
Four pirate-themed npm packages blackbeards-navigator, beusy, sirens-lament, gunpowder-ghost were published by the npm account beusy with heavily inflated version numbers 209.0.0–210.0.0, a hallmark of dependency confusion attacks. Each package contains identical malicious lifecycle scripts...
Malicious code in blackbeards-navigator (npm)
Four pirate-themed npm packages blackbeards-navigator, beusy, sirens-lament, gunpowder-ghost were published by the npm account beusy with heavily inflated version numbers 209.0.0–210.0.0, a hallmark of dependency confusion attacks. Each package contains identical malicious lifecycle scripts...
Malicious code in apple-internal-security-audit-v99 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 85c1a320034eadbc47dbe12b147164f4b003babca198b527d6b725a9f891f188 The package apple-internal-security-audit-v99 was found to contain malicious code. Source: ghsa-malware...
Malicious code in timecurrently (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 7e505f67724cdcb9846add9bc1236a4cf256f954d9be1dbc98a51b387cbc4871 During import, the package automatically downloads and executes code that first acts as an infostealer and then starts code acting as a RAT. It connects with a...
Malicious code in sdoihgio9sudghsiudbg (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 61f008a0a874bc97bef2f5d2c59d64b4ae73b7cdb66970e5f82a5abb8186372d During import, the package automatically downloads and executes code that first acts as an infostealer and then starts code acting as a RAT. It connects with a...
Malicious code in react-dnd-14 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3fa1ee45bae09f53b3ad9f05448438098f0561c4b694a22360be9d4fa4e86b3d The package react-dnd-14 was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in robase-dnb (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 24da23c2c626baf8f3c35e8c5000506cdadb4d8129d0e4350b262a0e3922d8c7 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
Malicious code in rblx-http (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 b0078ee9b9f6221ab242c9f2442f86670e320a5058c306590b5e5b458066e414 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
Malicious code in rblx-https (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 4b7d7435a6bcfd1a9437108a21af9ca6be7c60aa1e0c6e9e90a40ac43b26cf67 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
Malicious code in ro-db (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 2bd23f786275f7f9939deab001c8b06daaba21ad7dcb861fd6bb9cdd2e3d830c During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
Malicious code in tanstack (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7028347dbae61f876b9cca30a5d444da26b4ceab8364f00f8f2be35ff6baa2c4 The package tanstack was found to contain malicious code. Source: ghsa-malware a87082b3e2d555f184ce24de123d5e2d03b84521e22903e21e17d0222ab4b5e9 Any...
Malicious code in @breezeai-frontend/cargo-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7b36e9fa7e047ca0001c4203829c98d09f750046708527baf2f2a1538a3f5e10 The package @breezeai-frontend/cargo-ui was found to contain malicious code. Source: ghsa-malware...
Malicious code in @breezeai-frontend/tailwind-config (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 93dd597412bdae22d265ee51f76a40cefa637f09bdf73cb7ede9ac63daf05ac8 The package @breezeai-frontend/tailwind-config was found to contain malicious code. Source: ghsa-malware...
Malicious code in ac-sasskit-beta (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f511f3bd2772e3721f69519323ae4557eb447a809eef469c46a1c500fe96c1c0 The package ac-sasskit-beta was found to contain malicious code. Source: ghsa-malware 1873c549998c97b796fea0e8381c73ed62d3517f9eac35919b3225ad2a2f454...
Malicious code in apple-appstore-full-library-utility (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7c81abc0b0ca85dceebddbddb78e6e2d6d05f87331f11b9a1190ad29d10adb4a The package apple-appstore-full-library-utility was found to contain malicious code. Source: ghsa-malware...
Malicious code in apple-security-internal-scanner-v3 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6088746661229cdf51da875e15d5ba99c4ebee26f205b968e5aa52015a80cfad The package apple-security-internal-scanner-v3 was found to contain malicious code. Source: ghsa-malware...
Malicious code in bbranger (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 9cb5c90bcde5bf7b63607d4bf5e7be1ccb7b5c9eb2eb92e32dab102be5df3687 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in gcp-internal-research-poc (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9241eea1246719d57b428f64fd5138ae386fcf285aadd32a0a2ece3a8926b588 The package gcp-internal-research-poc was found to contain malicious code. Source: ghsa-malware...
Malicious code in apple-infra-escape-audit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c4ca3e5d6066fa58a9fe52cc968a31569064af5959443ab3b8088f088c72b851 The package apple-infra-escape-audit was found to contain malicious code. Source: ghsa-malware...
Malicious code in frank-newton3-final-audit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7475946d315dcfc995a7c806043777be1e5a57b72c7c1313fc36944f37a52db1 The package frank-newton3-final-audit was found to contain malicious code. Source: ghsa-malware...
Malicious code in frank-newton3-user-hunt (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a3d2188a1bfb704f499669b386b4268ab26fb46de37022d5b91df575521fcf81 The package frank-newton3-user-hunt was found to contain malicious code. Source: ghsa-malware...
Malicious code in frank-newton3-db-poc (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3c57962acb9140cd99fb10338da13df89a6af2a7da30694456df2bc151acd247 The package frank-newton3-db-poc was found to contain malicious code. Source: ghsa-malware...
Malicious code in apple-infra-stealth-audit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 62019b469ab2852a4c8a4453043d5452768c2ac046ad1dc258366eac98de24ac The package apple-infra-stealth-audit was found to contain malicious code. Source: ghsa-malware...
Malicious code in apple-internal-config (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 16ae120f182e305f15d778dfe594aa3f79076b93b5bd4be77f293fdf08c5e12a The package apple-internal-config was found to contain malicious code. Source: ghsa-malware...
Malicious code in frank-newton3-db-final (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 37a69c1c519dbe289ed217a75f1a31ace9b850acdb7df6cdadd95ca68f879f1d The package frank-newton3-db-final was found to contain malicious code. Source: ghsa-malware...
Malicious code in internal-sys-audit-check (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 24fa7464d076e1807141a149346864e59a44c3b8e2731c02e05c9d93d0dcf487 The package internal-sys-audit-check was found to contain malicious code. Source: ghsa-malware...
Malicious code in react-video-canvas (npm)
Dependency confusion and typosquatting campaign by threat actor "saif777". Packages use inflated version numbers 9999.9999.9999, 9999.9999.10000, 50.50.50, 7.66.5 to win version resolution in environments with private registries. All active packages execute a postinstall hook "node index.js" that...
Malicious code in react-native-parallax-scroll-view-updated (npm)
Dependency confusion and typosquatting campaign by threat actor "saif777". Packages use inflated version numbers 9999.9999.9999, 9999.9999.10000, 50.50.50, 7.66.5 to win version resolution in environments with private registries. All active packages execute a postinstall hook "node index.js" that...