Threats Tagged 'mal-2026-10072'
View all threats tagged with 'mal-2026-10072'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'mal-2026-10072'
Click on any threat for detailed analysis and mitigation recommendations
MAL-2026-10072: Malicious code in polymarket-trader-apis (npm) 0 The polymarket-trader-apis npm package versions 0.1.0 and 2.1.0 contain malicious code that acts as a remote code loader. It fetches a JSON payload from an unrelated third-party domain and executes the 'credits' field as JavaScript code with Node.js globals in scope, enabling arbitrary code execution. The package disguises this behavior by framing the code as an SVG icon fetcher and uses misleading keywords. Declared dependencies suggest the payload may perform credential and browser database harvesting once executed. There is no integrity verification of the remote payload, making this a high-risk supply chain threat. Join the discussion | GCVE Database | 07/09/2026, 15:48:20 UTC Added: 07/10/2026, 09:25:37 UTC |
Showing 1 to 1 of 1 result