xpack-subscription

MAL-2026-1160

npmmalware3/3/2026
Description

Malicious code in xpack-subscription (npm)

Indicators of Compromise
SHA256 Hashes (4)
764e96f1c4197d6049674d2bbc6515f9d2de2682002cb53a8540f1f95f5c3694
62edc6bb089c839e93cf7b71b8b46ca1f5d064272cac586b49cda41fc40b1c19
d417dea6e9c46c73fa3e10620e00cbddf2b71d98ac11832df65605b3feddee52
60bcecb6430d0df36fc4252482d76327b760078265fceb4291091836e0cad733
References (2)
https://github.com/advisories/GHSA-9f55-3p24-3r9cOSVhttps://opensourcemalware.com/blog/xpack-attackOSV
Details
Ecosystemnpm
Attack Typemalware
Published3/3/2026
Affected Versions
0
Aliases
GHSA-9f55-3p24-3r9c
Quick Actions
All Incidentsnpm Incidents
Agentic AI · Pentesting

Ready for Agentic Automated Testing?

Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.

Zero false positives
PoC for every finding
30+ tools orchestrated
Book a DemoLearn More
Setup in 5 minutesSOC 2 & ISO 27001