Malicious npm Package pino-sdk-v2 Exfiltrates Secrets to Discord
A malicious npm package impersonating the popular pino logger was detected by SafeDep. The package hides obfuscated code inside a legitimate library file to steal environment secrets and send them to…
Read the full articleYou might also wanna read
MAL-2026-10055: Malicious code in chain-chai-async (npm)
The npm package chain-chai-async version 1.3.5 impersonates the legitimate pino logging library by copying its source files and exporting a
MAL-2026-7022: Malicious code in tslint-conf (npm)
The npm package 'tslint-conf' version 7.2.1 is a malicious package masquerading as the 'pino' logger. It exports middleware that, when invok
Fake Paysafe, Skrill SDKs on NPM and PyPi steal credentials
Malicious packages on the Node Package Manager (npm) and the Python Package Index (PyPI) delivered stealer malware to developers and users o
Microsoft detects 14 malicious npm packages impersonating OpenSearch and Elasticsearch libraries
And then Microsoft busted them all
Microsoft detects 14 malicious npm packages impersonating OpenSearch and Elasticsearch libraries
And then Microsoft busted them all
MAL-2026-10075: Malicious code in testudo-pack (npm)
The testudo-pack npm package version 1.0.0 contains malicious code that executes during installation and runtime. It downloads and runs an u
MAL-2026-10077: Malicious code in type-slint (npm)
--- _-= Per source details. Do not edit below this line.=-_ ## Source: amazon-inspector (1b5cd26e040f4f4366ed65cca4b70258d276f781e0aab76b99b

Comments
Sign in to join the conversation.
No comments yet. Be the first.