MAL-2026-10071: Malicious code in polymarket-kit (npm)
--- _-= Per source details. Do not edit below this line.=-_ ## Source: amazon-inspector (63a4eba33a56521a94e4e0b3ab2923d58b0c5cd398c791e36433536591a1d6ff) Package name and description advertise a…
Read the full articleYou might also wanna read
Supply Chain Attacks on Open-Source Software: Case Study of Malicious Pull Request Attempts
Just in the last 7 days, we've seen LiteLLM and axios impacted by supply chain attacks. Recently, I was chatting with Bereket Engida, the cr

Axios npm Package Compromised: Supply Chain Attack Delivers Cross-Platform RAT
Meta description: Malicious versions of the Axios npm package (1.14.1 and 0.30.4) were published via a compromised maintainer account, injec
Security Alert: Malicious Nx Packages Published to npm Containing Credential-Stealing Code
## Summary Malicious versions of the [`nx` package]( as well as some supporting plugin packages, were published to npm, containing code that
Major NPM Supply Chain Attack: Over 1,000 Packages Infected via Fake Bun Runtime
Over 1,000 NPM packages were infected using the same method as the previous attack, infecting with a fake Bun runtime. The attacker leverage
Polymarket to reimburse $3 million lost in supply-chain attack via third-party vendor
Polymarket says it will fully reimburse customers who lost about $3 million after a malicious script was injected into its frontend through
hendryadrian.com·13d agoAI-Generated npm Package Leaks Its Own GitHub Token, Exposing Malware Operator
Sloppy AI-generated npm infostealer leaked its own GitHub token, exposing the operator

Comments
Sign in to join the conversation.
No comments yet. Be the first.