MAL-2026-10081: Malicious code in webrix-docs1 (npm)
--- _-= Per source details. Do not edit below this line.=-_ ## Source: amazon-inspector (20cdefe1415c5b5245f36b10ea0de9033433b479768c2cc785ad2742b9433fce) The package declares a preinstall hook…
Read the full article3h agoen
You might also wanna read
Security Alert: Malicious Nx Packages Published to npm Containing Credential-Stealing Code
## Summary Malicious versions of the [`nx` package]( as well as some supporting plugin packages, were published to npm, containing code that
AI-Generated npm Package Leaks Its Own GitHub Token, Exposing Malware Operator
Sloppy AI-generated npm infostealer leaked its own GitHub token, exposing the operator
npm malware targeting Claude users leaks own GitHub token, reaches 676 downloads
Script kiddies these days
Malicious npm package "Codex" stole developer credentials for a month before detection
The npm package had an active GitHub repository and about 29,000 weekly downloads while providing a remote web UI for OpenAI Codex. For abou

What is typosquatting and how typosquatting attacks are responsible for malicious modules in npm
Snyk·5y ago
Typosquatted npm Package Delivers Windows RAT with Encrypted C2 and Registry Persistence
A newly discovered malware campaign is targeting Windows systems through a deceptive package on the npm registry. Disguised as a legitimate
cybersecuritynews.com·15d ago
Comments
Sign in to join the conversation.
No comments yet. Be the first.