Threats Tagged 'mal-2026-10134'
View all threats tagged with 'mal-2026-10134'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'mal-2026-10134'
Click on any threat for detailed analysis and mitigation recommendations
MAL-2026-10134: Malicious code in stella-coder (npm) 0 The stella-coder npm package versions 4.0.0, 5.0.0, 5.0.1, 5.1.0, 5.1.1, and 5.1.2 contain malicious code that hardcodes a Telegram bot API token controlled by the package author. When users invoke the /tg CLI command, the package starts a Telegram bot on the user's machine that executes shell commands based on messages received via Telegram, allowing remote command execution. The author can observe all bot traffic, including an admin authorization code, enabling unauthorized remote control. The package also sends the hostname and username of the infected machine to the attacker. The malicious functionality activates when the CLI is run or the module is imported and the /tg command is used. No official patch or remediation guidance is provided. Join the discussion | GCVE Database | 07/10/2026, 15:59:07 UTC Added: 07/11/2026, 09:37:35 UTC |
Showing 1 to 1 of 1 result