Threats Tagged 'mal-2026-10641'
View all threats tagged with 'mal-2026-10641'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'mal-2026-10641'
Click on any threat for detailed analysis and mitigation recommendations
MAL-2026-10641: Malicious code in polygon-toolkit-validator (npm) 0 The polygon-toolkit-validator npm package version 1.1.2 is a malicious typosquatting package that impersonates a legitimate web3-validator library. It exports functions that silently exfiltrate user-supplied data and cryptographic material to a hardcoded third-party server (https://polymarket.hanaai.online/v2) without user consent or configuration. The validate(content) function base64-encodes input and sends it to the remote endpoint, while randomBytes(n) leaks cryptographic random bytes used for keys or nonces. This behavior compromises confidentiality of sensitive data and cryptographic secrets. Join the discussion | GCVE Database | 07/15/2026, 03:41:32 UTC Added: 07/15/2026, 12:37:15 UTC |
Showing 1 to 1 of 1 result