MAL-2026-10078: Malicious code in vybscan-testbed-inert-postinstall (npm)
The npm package 'vybscan-testbed-inert-postinstall' version 1.0.0 contains malicious code in its postinstall script. This script executes automatically during 'npm install' and collects the host…
Read the full articleYou might also wanna read
Security Alert: Malicious Nx Packages Published to npm Containing Credential-Stealing Code
## Summary Malicious versions of the [`nx` package]( as well as some supporting plugin packages, were published to npm, containing code that
Typosquatted npm Package Delivers Windows RAT with Encrypted C2 and Registry Persistence
A newly discovered malware campaign is targeting Windows systems through a deceptive package on the npm registry. Disguised as a legitimate
cybersecuritynews.com·15d agoMicrosoft detects 14 malicious npm packages impersonating OpenSearch and Elasticsearch libraries
And then Microsoft busted them all
Microsoft detects 14 malicious npm packages impersonating OpenSearch and Elasticsearch libraries
And then Microsoft busted them all
176 malicious npm packages used dependency confusion to target internal dependencies and steal credentials
A 176-package npm malware campaign used dependency confusion and install-time scripts to steal credentials and compromise developer and CI/C
Injective SDK on npm infected with cryptocurrency wallet stealer
Hackers compromised the Injective Labs SDK project's GitHub repository and used it to publish a malicious package on the Node Package Manage
Fake Paysafe, Skrill SDKs on NPM and PyPi steal credentials
Malicious packages on the Node Package Manager (npm) and the Python Package Index (PyPI) delivered stealer malware to developers and users o

Comments
Sign in to join the conversation.
No comments yet. Be the first.