MAL-2026-10068: Malicious code in polymarket-kelly-math (npm)
--- _-= Per source details. Do not edit below this line.=-_ ## Source: amazon-inspector (f4b668f5fa9e3cce1dd0ddee31443ff3e797c19e9343b750dee86ddef888b02a) The package's postinstall script…
Read the full articleYou might also wanna read
Security Alert: Malicious Nx Packages Published to npm Containing Credential-Stealing Code
## Summary Malicious versions of the [`nx` package]( as well as some supporting plugin packages, were published to npm, containing code that
Polymarket to reimburse $3 million lost in supply-chain attack via third-party vendor
Polymarket says it will fully reimburse customers who lost about $3 million after a malicious script was injected into its frontend through
hendryadrian.com·13d agoAI-Generated npm Package Leaks Its Own GitHub Token, Exposing Malware Operator
Sloppy AI-generated npm infostealer leaked its own GitHub token, exposing the operator

Maintainers of ESLint Prettier Plugin Attacked via npm Supply Chain Malware
Urgent warning: Maintainers of popular npm packages like ESLint Prettier Plugin were attacked via an npm supply chain malware incident. Lear
Supply Chain Attacks on Open-Source Software: Case Study of Malicious Pull Request Attempts
Just in the last 7 days, we've seen LiteLLM and axios impacted by supply chain attacks. Recently, I was chatting with Bereket Engida, the cr
Major NPM Supply Chain Attack: Over 1,000 Packages Infected via Fake Bun Runtime
Over 1,000 NPM packages were infected using the same method as the previous attack, infecting with a fake Bun runtime. The attacker leverage

Comments
Sign in to join the conversation.
No comments yet. Be the first.