@cda-apps/source

MAL-2026-336

npmmalware1/19/2026
Description

Malicious code in @cda-apps/source (npm)

Indicators of Compromise
SHA256 Hashes (2)
356aaa5e677bd040b40c0cec9325f05ae0c9e0e05c364bc0db6ba9837d4607a6
1b5806c1f8be7708beab46a8c3d8c222da577363ce72533ed3fb40aadd28a7c2
References (1)
https://github.com/advisories/GHSA-6gqx-gcxc-q57cOSV
Details
Ecosystemnpm
Attack Typemalware
Published1/19/2026
Affected Versions
0
Aliases
GHSA-6gqx-gcxc-q57c
Quick Actions
All Incidentsnpm Incidents
Agentic AI · Pentesting

Ready for Agentic Automated Testing?

Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.

Zero false positives
PoC for every finding
30+ tools orchestrated
Book a DemoLearn More
Setup in 5 minutesSOC 2 & ISO 27001