Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.

Threats Tagged 'mal-2026-10571'

View all threats tagged with 'mal-2026-10571'. Filter and sort to focus on specific types of threats.

Pro Console Lifetime

Stop chasing alerts. Route them.

Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.

Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)

View Plans & Pricing

API access activates after upgrading in Console -> Billing.

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now

Filter Threats

Narrow down the results by type, severity, or affected countries

Search threats by title, CVE ID, or description. Maximum 100 characters.
Active filters (1):Tag: mal-2026-10571

Threats Tagged 'mal-2026-10571'

Click on any threat for detailed analysis and mitigation recommendations

MAL-2026-10571: Malicious code in @wrenfield/viem (npm)
0

--- _-= Per source details. Do not edit below this line.=-_ ## Source: amazon-inspector (fa26048a977a00adcd1ffc42ccf06110e3807bb2a3145a01fd01318dcfe79771) Package `@wrenfield/viem` impersonates the popular `viem` library (homepage viem.sh, repo wevm/viem); README and authors fields credit the real viem maintainers but the package itself is published under an unrelated `@wrenfield` scope. The shipped source under `_cjs/` mirrors viem's real code, but `package.json` rewrites the `abitype` dependency via npm alias: `"abitype": "npm:@wrenfield/[email protected]"`. The CommonJS entry `_cjs/index.js` calls `require("abitype")` at module load, so any installer who `require()`s or `import`s `@wrenfield/viem` transitively pulls and executes code from `@wrenfield/[email protected]` — a separate package under the same attacker-controlled scope, outside this tarball. The combination of brand impersonation of a top npm package plus a silent dependency redirect to an attacker-controlled namespace is the namespace-abuse / dependency-hijack pattern: the lure package looks legitimate on inspection, while the actual payload is delivered through the redirected dependency at first import.

Join the discussion

Showing 1 to 1 of 1 result

Filters:Tag: mal-2026-10571
Page 1 of 1
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses