Skip to content
supplychainattack.orgSupply chain attack incident catalog

Supply chain attack incidents

A neutral, reverse-chronological catalog of confirmed software, hardware, and vendor supply chain attacks. Every entry is backed by at least one credible public advisory. Filter by ecosystem, attack vector, severity, or status.

  1. containedcritical

    Malware in @doaction/types

    Malware was discovered in the npm package @doaction/types. Systems with this package installed are considered fully compromised and require immediate remediation.

    npmCompromised package
  2. containedcritical

    Malware in @doaction/eventemitter

    Malware was discovered in the npm package @doaction/eventemitter. Systems with this package installed or running are considered fully compromised and require immediate remediation.

    npmCompromised package
  3. containedcritical

    Malware in @doaction/http

    Malware was discovered in the npm package @doaction/http. Systems with this package installed or running are considered fully compromised, with potential for complete system takeover.

    npmCompromised package
  4. activecritical

    Malware in @doaction/mapstore

    The npm package @doaction/mapstore contains malware that grants full control of affected systems. Any computer with this package installed or running should be considered fully compromised.

    npmCompromised package
  5. containedcritical

    Malware in @doaction/pay

    Malware was discovered in the npm package @doaction/pay. Systems with this package installed or running should be considered fully compromised and require immediate remediation.

    npmCompromised package
  6. containedcritical

    Malware in @doaction/examples

    Malware was discovered in the npm package @doaction/examples. Systems with this package installed or running should be considered fully compromised, with all secrets and keys requiring immediate rotation from a different computer.

    npmCompromised package
  7. containedcritical

    Malware in @doaction/storage

    Malware was discovered in the npm package @doaction/storage. Systems with this package installed are considered fully compromised and require immediate remediation including credential rotation and package removal.

    npmCompromised package
  8. containedcritical

    Malware in dbmux

    Malware was discovered in the npm package dbmux. Any computer with this package installed or running should be considered fully compromised, requiring immediate rotation of all secrets and keys from a different system.

    npmCompromised package
  9. containedcritical

    Malware in @doaction/rrweb-sdk

    Malware was discovered in the npm package @doaction/rrweb-sdk. Systems with this package installed or running are considered fully compromised and may have given outside entities full control of the computer.

    npmCompromised package
  10. activecritical

    Malware in @doaction/signalhub

    Malware was discovered in the npm package @doaction/signalhub. Systems with this package installed or running should be considered fully compromised, with all secrets and keys requiring immediate rotation from a different computer.

    npmCompromised package
  11. containedcritical

    Malware in @doaction/systeminformation

    The npm package @doaction/systeminformation contained malware that grants full system compromise to attackers. Any computer with this package installed or running should be considered fully compromised.

    npmCompromised package
  12. activecritical

    Malware in @doaction/sudo-prompt

    Malware was discovered in the npm package @doaction/sudo-prompt. Systems with this package installed or running are considered fully compromised and require immediate remediation.

    npmCompromised package
  13. activecritical

    Malware in @doaction/wasm-loader

    Malware was discovered in the npm package @doaction/wasm-loader. Systems with this package installed or running are considered fully compromised, with potential for complete system takeover.

    npmCompromised package
  14. activecritical

    Malware in @doaction/example

    The npm package @doaction/example contains malware that grants full control of affected systems to an outside entity. Any computer with this package installed or running should be considered fully compromised.

    npmCompromised package
  15. containedcritical

    Malware in xorma-js

    Malware was discovered in the npm package xorma-js, resulting in full system compromise of any computer with the package installed or running. All secrets and keys on affected systems should be rotated immediately from a different computer.

    npmCompromised package
  16. activecritical

    Malware in clsx-js

    Malware discovered in the npm package clsx-js. Systems with this package installed are considered fully compromised and require immediate remediation.

    npmCompromised package
  17. containedcritical

    Malware in enquriers

    The npm package enquriers was found to contain malware, resulting in full system compromise of any computer with the package installed or running. All secrets and keys should be rotated immediately from a different computer, and the package should be removed.

    npmCompromised package
  18. activecritical

    Malware in progerss-cli

    Malware discovered in the npm package progerss-cli. Systems with this package installed are considered fully compromised and require immediate remediation.

    npmCompromised package
  19. activecritical

    Malware in kecak256

    The npm package kecak256 was compromised and contains malware. Any computer with this package installed or running should be considered fully compromised.

    npmCompromised package
  20. containedcritical

    Malware in os-ulid-void

    The npm package os-ulid-void was found to contain malware, potentially providing full system compromise to attackers. Any computer with this package installed or running should be considered fully compromised.

    npmCompromised package
  21. activecritical

    Malware in path-extend

    The npm package path-extend contains malware that grants full system compromise to attackers. Any computer with this package installed or running should be considered fully compromised and all secrets and keys should be rotated immediately from a different computer.

    npmCompromised package
  22. containedcritical

    Malware in moustick

    Malware was discovered in the npm package moustick, resulting in full system compromise for any installation. The package should be removed immediately and all secrets and keys rotated from a different computer.

    npmCompromised package
  23. containedcritical

    Malware in cookie-parser-legacy

    Malware was discovered in the npm package cookie-parser-legacy. Systems with this package installed are considered fully compromised and require immediate remediation including secret rotation and package removal.

    npmCompromised package
  24. containedcritical

    Malware in void-ulid

    Malware was discovered in the npm package void-ulid, resulting in full system compromise for any computer with the package installed or running. All affected systems should be considered fully compromised and all secrets and keys rotated immediately from a different computer.

    npmCompromised package
  25. containedcritical

    Malware in github-archiver

    The npm package github-archiver was found to contain malware. Systems with this package installed are considered fully compromised and require immediate remediation.

    npmCompromised package
  26. containedcritical

    Malware in comos-sdk

    Malware was discovered in the npm package comos-sdk, resulting in full system compromise for any installation. The package should be removed and all secrets and keys rotated from a clean system.

    npmCompromised package
  27. containedcritical

    Malware in ui-weave

    Malware was discovered in the npm package ui-weave, resulting in full system compromise of any computer with the package installed or running. All secrets and keys on affected systems should be rotated immediately from a different computer.

    npmCompromised package
  28. containedcritical

    Malware in buffer-utilities

    Malware was discovered in the npm package buffer-utilities, resulting in full system compromise for any installation. The package should be removed immediately and all secrets and keys rotated from a clean system.

    npmCompromised package
  29. containedcritical

    Malware in transacts

    The npm package transacts was found to contain malware, resulting in full system compromise of any computer with the package installed or running. All secrets and keys should be rotated immediately from a different computer, and the package should be removed.

    npmCompromised package
  30. containedcritical

    Malware in @doaction/shared

    Malware was discovered in the npm package @doaction/shared. Systems with this package installed are considered fully compromised and require immediate remediation.

    npmCompromised package
  31. activecritical

    Malware in @doaction/auth

    Malware discovered in the npm package @doaction/auth. Systems with this package installed are considered fully compromised and require immediate remediation.

    npmCompromised package
  32. containedcritical

    Malware in nodemon-copack

    The npm package nodemon-copack contained malware that grants full system compromise to attackers. Any computer with this package installed or running should be considered fully compromised.

    npmCompromised package
  33. activecritical

    Malware in chai-mocks

    Malware discovered in the npm package chai-mocks. Systems with this package installed are considered fully compromised and require immediate remediation including secret rotation and package removal.

    npmCompromised package
  34. activecritical

    Malware in regexp-ts

    The npm package regexp-ts contains malware that provides full system compromise to attackers. Any computer with this package installed should be considered fully compromised and all secrets and keys rotated immediately from a different machine.

    npmCompromised package
  35. activecritical

    The Hades Campaign: Graph ML PyPI Packages Deploy Cross-Platform Memory Scrapers, AI Analyst Misdirection, and a Wiper Deterrent

    On June 8, 2026, multiple Graph ML PyPI packages were compromised in the Hades campaign, deploying cross-platform memory scrapers, AI prompt injections for analyst misdirection, and token-revocation wipers. The attack targeted the bioinformatics ecosystem with sophisticated evasion techniques.

    PyPICompromised package
  36. containedhigh

    New Shai-Hulud attack trojanizes 19 science-focused PyPI packages

    Hackers compromised 19 science-focused packages on PyPI in a Shai-Hulud supply-chain attack. The trojanized packages were collectively downloaded hundreds of thousands of times and delivered malware designed to steal developer secrets.

    PyPICompromised package
  37. activecritical

    Malware in nodemon-lint

    The npm package nodemon-lint contains malware that grants full system compromise to attackers. Any computer with this package installed or running should be considered fully compromised and all secrets and keys rotated immediately from a different machine.

    npmCompromised package
  38. containedcritical

    Malware in classwind-utils

    Malware was discovered in the npm package classwind-utils. Systems with this package installed or running are considered fully compromised and require immediate remediation.

    npmCompromised package
  39. containedcritical

    Miasma Worm Hits Microsoft Again: Azure Functions Action and 72 Other Repositories Disabled After Supply Chain Attack Targeting AI Coding Agents

    On June 5, 2026, the Miasma worm campaign compromised Microsoft's Azure GitHub organizations by pushing a malicious commit to the Azure/durabletask repository using a compromised contributor account. GitHub disabled 73 repositories across four Microsoft organizations after configuration files were planted to harvest credentials when developers opened repositories in AI coding agents like Claude Code, Gemini CLI, Cursor, or VS Code.

    AI agents & skillsMalicious commitAccount takeover
  40. activecritical

    Malware in glyphr

    Malware in glyphr Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside ent

    npmCompromised package
  41. activecritical

    Malware in react-ui-polyfills

    Malware in react-ui-polyfills Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an

    npmCompromised package
  42. activecritical

    Malware in utils-mf

    Malware in utils-mf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside e

    npmCompromised package
  43. activecritical

    Malware in ulid-os

    Malware in ulid-os Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside en

    npmCompromised package
  44. activecritical

    Malware in reactvora

    Malware in reactvora Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside

    npmCompromised package
  45. activecritical

    Miasma npm Supply Chain Attack: Self-Spreading Worm via Phantom Gyp

    A self-replicating worm named Miasma is spreading across the npm registry by injecting malicious code into binding.gyp files, which execute during npm install without requiring package.json script modifications. The attack has already compromised dozens of packages across multiple maintainer accounts and evades conventional security detection.

    npmCompromised packageMalicious commit
  46. activehigh

    New IronWorm malware hits 36 packages in npm supply-chain attack

    A supply-chain attack infected 36 packages on npm with IronWorm infostealer malware. The attack compromised multiple packages in the Node Package Manager ecosystem, potentially affecting downstream users and applications.

    npmCompromised package
  47. containedhigh

    Hola Browser for Windows compromised to deliver cryptominer

    The Windows version of Hola Browser was compromised in a supply chain attack that delivered an undeclared cryptocurrency miner executable to users. The compromise affected the browser's distribution or update mechanism.

    OtherCompromised packageUpdate-server compromise
  48. activecritical

    Malware in @jagreehal/workflow

    Malware in @jagreehal/workflow Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to a

    npmCompromised package
  49. activecritical

    Withdrawn Advisory: Malware in supabase

    Withdrawn Advisory: Malware in supabase ### Withdrawn Advisory This advisory has been withdrawn because the malware detection was a false positive. This link is maintained to preserve external references. ### Original Description Any computer that has this package installed or running should be considered fully comprom

    npmCompromised package
  50. activecritical

    Malware in autotel-terminal

    Malware in autotel-terminal Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an o

    npmCompromised package
  51. activecritical

    Malware in chai-midpatch

    Malware in chai-midpatch Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outs

    npmCompromised package
  52. activecritical

    Malware in nodemon-pack

    Malware in nodemon-pack Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outsi

    npmCompromised package
  53. activecritical

    Malware in nodemon-webpatch

    Malware in nodemon-webpatch Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an o

    npmCompromised package
  54. activecritical

    Malware in webpack-json

    Malware in webpack-json Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outsi

    npmCompromised package
  55. containedcritical

    Multiple redhat-cloud-services npm Packages compromised

    Multiple npm packages in the @redhat-cloud-services scope were compromised with malicious payloads. The attack used preinstall hooks to execute a multi-stage credential harvester targeting cloud and CI/CD platform secrets.

    npmCompromised package
  56. activecritical

    Malware in chai-parse

    Malware in chai-parse Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside

    npmCompromised package
  57. activehigh

    Miasma: Supply Chain Attack Targeting RedHat npm Packages

    Miasma is a supply chain attack targeting RedHat npm packages, leveraging malicious npm packages based on the open-sourced Mini Shai-Hulud malware. Specific affected packages and versions were not disclosed in the available source text.

    npmCompromised package
  58. activecritical

    Malware in @redhat-cloud-services/types

    Malware in @redhat-cloud-services/types Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been g

    npmCompromised package
  59. activecritical

    Malware in xarc-webpack-cli

    Malware in xarc-webpack-cli Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an o

    npmCompromised package
  60. activecritical

    Malware in json-to-simple-graphql-schema

    Malware in json-to-simple-graphql-schema Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been

    npmCompromised package
  61. activecritical

    Malware in @redhat-cloud-services/sources-client

    Malware in @redhat-cloud-services/sources-client Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may ha

    npmCompromised package
  62. activecritical

    Malware in @chat-template/auth

    Malware in @chat-template/auth Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to a

    npmCompromised package
  63. activecritical

    Malware in @redhat-cloud-services/integrations-client

    Malware in @redhat-cloud-services/integrations-client Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer m

    npmCompromised package
  64. activecritical

    Malware in @redhat-cloud-services/frontend-components-testing

    Malware in @redhat-cloud-services/frontend-components-testing Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the co

    npmCompromised package
  65. activecritical

    Malware in @redhat-cloud-services/frontend-components-remediations

    Malware in @redhat-cloud-services/frontend-components-remediations Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of t

    npmCompromised package
  66. activecritical

    Malware in @redhat-cloud-services/frontend-components-config

    Malware in @redhat-cloud-services/frontend-components-config Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the com

    npmCompromised package
  67. activecritical

    Malware in @redhat-cloud-services/entitlements-client

    Malware in @redhat-cloud-services/entitlements-client Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer m

    npmCompromised package
  68. activecritical

    Malware in randomlogs

    Malware in randomlogs Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside

    npmCompromised package
  69. activecritical

    Malware in peertube-plugin-google-analytics-js

    Malware in peertube-plugin-google-analytics-js Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have

    npmCompromised package
  70. activecritical

    Malware in nemo-reporter

    Malware in nemo-reporter Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outs

    npmCompromised package
  71. activecritical

    Malware in motion-tool

    Malware in motion-tool Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outsid

    npmCompromised package
  72. activecritical

    Malware in loading-session

    Malware in loading-session Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an ou

    npmCompromised package
  73. activecritical

    Malware in @redhat-cloud-services/frontend-components

    Malware in @redhat-cloud-services/frontend-components Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer m

    npmCompromised package
  74. activecritical

    Malware in @redhat-cloud-services/frontend-components-config-utilities

    Malware in @redhat-cloud-services/frontend-components-config-utilities Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control

    npmCompromised package
  75. activecritical

    Malware in @redhat-cloud-services/rbac-client

    Malware in @redhat-cloud-services/rbac-client Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have

    npmCompromised package
  76. activecritical

    Malware in @redhat-cloud-services/chrome

    Malware in @redhat-cloud-services/chrome Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been

    npmCompromised package
  77. activecritical

    Malware in @redhat-cloud-services/topological-inventory-client

    Malware in @redhat-cloud-services/topological-inventory-client Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the c

    npmCompromised package
  78. activecritical

    Malware in @redhat-cloud-services/quickstarts-client

    Malware in @redhat-cloud-services/quickstarts-client Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer ma

    npmCompromised package
  79. activecritical

    Malware in @redhat-cloud-services/rule-components

    Malware in @redhat-cloud-services/rule-components Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may h

    npmCompromised package
  80. activecritical

    Malware in @redhat-cloud-services/eslint-config-redhat-cloud-services

    Malware in @redhat-cloud-services/eslint-config-redhat-cloud-services Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control o

    npmCompromised package
  81. activecritical

    Malware in jingmeideshishi

    Malware in jingmeideshishi Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an ou

    npmCompromised package
  82. activecritical

    Malware in @pcldpvkoewpogw/testhacker

    Malware in @pcldpvkoewpogw/testhacker Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been giv

    npmCompromised package
  83. activecritical

    Malware in @osamdefeirrighs/testhackfrrferrr

    Malware in @osamdefeirrighs/testhackfrrferrr Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have b

    npmCompromised package
  84. activecritical

    Malware in @ewfewfewf/testhackerrr

    Malware in @ewfewfewf/testhackerrr Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given

    npmCompromised package
  85. activecritical

    Malware in audit-logsss

    Malware in audit-logsss Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outsi

    npmCompromised package
  86. activecritical

    Malware in collected-forms-embed-js

    Malware in collected-forms-embed-js Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given

    npmCompromised package
  87. activecritical

    Malware in cms-github

    Malware in cms-github Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside

    npmCompromised package
  88. activecritical

    Malware in cms-storehub

    Malware in cms-storehub Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outsi

    npmCompromised package
  89. activecritical

    Malware in cms-helpgit

    Malware in cms-helpgit Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outsid

    npmCompromised package
  90. activecritical

    Malware in shopifyto-cms

    Malware in shopifyto-cms Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outs

    npmCompromised package
  91. activecritical

    Malware in to-cms

    Malware in to-cms Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside ent

    npmCompromised package
  92. activecritical

    Malware in chainix

    Malware in chainix Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside en

    npmCompromised package
  93. activecritical

    Malware in chai-as-minted

    Malware in chai-as-minted Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an out

    npmCompromised package
  94. activecritical

    Malware in @tmecontinue/cli

    Malware in @tmecontinue/cli Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an o

    npmCompromised package
  95. activecritical

    Malware in @antoncallahan/aws-user-helper

    Malware in @antoncallahan/aws-user-helper Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been

    npmCompromised package
  96. activecritical

    Malware in @redhat-cloud-services/hcc-feo-mcp

    Malware in @redhat-cloud-services/hcc-feo-mcp Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have

    npmAI agents & skillsCompromised package
  97. activecritical

    Malware in @tmecontinue/claude

    Malware in @tmecontinue/claude Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to a

    npmAI agents & skillsCompromised package
  98. activecritical

    Malware in @t-in-one/prefill_bundle_data_token

    Malware in @t-in-one/prefill_bundle_data_token Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have

    npmCompromised package
  99. activecritical

    Malware in @t-in-one/add_application

    Malware in @t-in-one/add_application Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been give

    npmCompromised package
  100. activecritical

    Malware in @t-in-one/application_id_storage_key_token

    Malware in @t-in-one/application_id_storage_key_token Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer m

    npmCompromised package