MAL-2026-10066: Malicious code in nps-retrieval-diagnostics (npm)
--- _-= Per source details. Do not edit below this line.=-_ ## Source: amazon-inspector (1d9521917c225941dd1bfc038c4f324d24ebb9d99b99596e8a481558da10a0df) The package's bin entry…
Read the full articleYou might also wanna read
Security Alert: Malicious Nx Packages Published to npm Containing Credential-Stealing Code
## Summary Malicious versions of the [`nx` package]( as well as some supporting plugin packages, were published to npm, containing code that
Attacker publishes 14 malicious npm packages impersonating OpenSearch and Elasticsearch libraries
A single npm user published 14 malicious packages impersonating OpenSearch/Elasticsearch libraries to steal AWS, Vault, and CI/CD secrets.
Microsoft detects 14 malicious npm packages impersonating OpenSearch and Elasticsearch libraries
And then Microsoft busted them all
Microsoft detects 14 malicious npm packages impersonating OpenSearch and Elasticsearch libraries
And then Microsoft busted them all
AI-Generated npm Package Leaks Its Own GitHub Token, Exposing Malware Operator
Sloppy AI-generated npm infostealer leaked its own GitHub token, exposing the operator
Malicious npm package "Codex" stole developer credentials for a month before detection
The npm package had an active GitHub repository and about 29,000 weekly downloads while providing a remote web UI for OpenAI Codex. For abou
Nx Build Kit Security Breach: Malware Steals Wallets and Credentials via GitHub Repositories
What is s1ngularity-repository? Nx is compromised and the malware steals wallets and API keys using Claude CLI or Gemini.

Comments
Sign in to join the conversation.
No comments yet. Be the first.