Threats Tagged 'mal-2026-6503'
View all threats tagged with 'mal-2026-6503'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'mal-2026-6503'
Click on any threat for detailed analysis and mitigation recommendations
MAL-2026-6503: Malicious code in js-price-client-node (npm) 0 The npm package js-price-client-node version 1.0.0 contains malicious code that exfiltrates environment variables from the user's .env file during installation. The package's postinstall script reads and parses the .env file, then sends the data to a concealed remote server using a base58-encoded URL split across two files. The exfiltration is stealthy, with errors suppressed and fake success responses returned to avoid detection. The package falsely claims to fetch cryptocurrency prices but performs no such function, instead harvesting sensitive credentials such as API keys and passwords. Join the discussion | GCVE Database | 06/26/2026, 04:42:26 UTC Added: 06/26/2026, 22:05:50 UTC |
Showing 1 to 1 of 1 result