Threats Tagged 'mal-2026-10175'
View all threats tagged with 'mal-2026-10175'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'mal-2026-10175'
Click on any threat for detailed analysis and mitigation recommendations
MAL-2026-10175: Malicious code in chai-as-doc (npm) 0 The npm package chai-as-doc version 2.3.5 is a malicious typosquatting package that masquerades as pino-style logging middleware. Upon being required, it spawns a detached Node.js child process that executes a script which base64-decodes a hardcoded URL and sends the entire environment variables (process.env) to this remote endpoint. The response from the endpoint is then executed as code with full access to the local require function, enabling arbitrary code execution within the installer's Node process with full environment and credential access. Join the discussion | GCVE Database | 07/10/2026, 21:24:50 UTC Added: 07/11/2026, 09:36:47 UTC |
Showing 1 to 1 of 1 result