Wednesday, 09 July 2025

Dangerous NPM package vulnerability discovered

A vulnerability was found in 2.0.3 and later versions of the popular NPM package veged/coa. Package has been compromised and contains cryptomining and password stealing malware. The malicious code mainly targets Windows.

According to advisory, users using compromised veged/cao 2.0.3 and later should switch to the respective version 2.0.2.

Source: developers.ibexa.co

05 November 2021

-
104