
MSC-2025-8028
Good to know:

Date: September 15, 2025
The @nativescript-community/text package was compromised to include malicious code that steals GitHub secrets and uses them to create malicious GitHub Actions workflows that help exfiltrate even more GitHub secrets. The malicious code also uses a data collection endpoint on webhook.site to collect all the stolen data. We recommend downgrading it to 1.6.8. https://thehackernews.com/2025/09/40-npm-packages-compromised-in-supply.html
Language: JS
Severity Score
Weakness Type (CWE)
Exposure of Sensitive Information to an Unauthorized Actor
CWE-200

CVSS v3.1

Base Score: | |
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | LOW |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | LOW |
Integrity (I): | LOW |
Availability (A): | LOW |