Incident detail

criticalgo·credential theft·osv

Malicious code in github.com/BufferZoneCorp/config-loader (Go)

github.com/BufferZoneCorp/config-loader

Published May 13, 2026, 03:09 AM

Risk score

AI summary

Indexed incident for github.com/BufferZoneCorp/config-loader (go).

Description

This package is a malicious packages part of the Go BufferZoneCorp and RubyGems knot-theory clusters.
The packages in this cluster steal credentials, set up ssh access and tamper with build/workflow environmetn variables.

Technical details

Timeline

May 13, 03:09 AMAdvisory published
May 26, 03:29 PMIndexed by ThreatPkg

Related incidents

Malicious code in bittensor-burn-watch (PyPI)bittensor-burn-watch92
Malicious code in clip-logger (PyPI)clip-logger92
Malicious code in executable-stories-jest (npm)executable-stories-jest92
Malicious code in wrangler-deploy (npm)wrangler-deploy92
Malicious code in node-env-resolver (npm)node-env-resolver92