diff --git a/.github/ioc-candidates/review/osv-28378751594.json b/.github/ioc-candidates/review/osv-28378751594.json new file mode 100644 index 00000000..824baf42 --- /dev/null +++ b/.github/ioc-candidates/review/osv-28378751594.json @@ -0,0 +1,57 @@ +[ + { + "ecosystem": "npm", + "ioc_type": "package_name", + "value": "checkmarx-claude-cache", + "confidence": "high", + "reason": "Malicious code in checkmarx-claude-cache (npm)", + "source": "https://osv.dev/vulnerability/MAL-2026-6576", + "first_seen": "2026-06-29", + "suggested_action": "block", + "promote_to": "watch_only", + "blacklist_id": "MAL-2026-6576", + "affected_versions": [ + "1.0.0" + ], + "action": "BLOCK", + "severity": "CRITICAL", + "notes": "OSV-confirmed malicious package (MAL-2026-6576). Reported by: amazon-inspector, Amazon Inspector. Review affected versions before promoting to AS-008." + }, + { + "ecosystem": "npm", + "ioc_type": "package_name", + "value": "ollama-helpers", + "confidence": "high", + "reason": "Malicious code in ollama-helpers (npm)", + "source": "https://osv.dev/vulnerability/MAL-2026-6581", + "first_seen": "2026-06-29", + "suggested_action": "block", + "promote_to": "watch_only", + "blacklist_id": "MAL-2026-6581", + "affected_versions": [ + "1.2.1", + "1.2.2" + ], + "action": "BLOCK", + "severity": "CRITICAL", + "notes": "OSV-confirmed malicious package (MAL-2026-6581). Reported by: amazon-inspector, Amazon Inspector. Review affected versions before promoting to AS-008." + }, + { + "ecosystem": "npm", + "ioc_type": "package_name", + "value": "openai-agents-helpers", + "confidence": "high", + "reason": "Malicious code in openai-agents-helpers (npm)", + "source": "https://osv.dev/vulnerability/MAL-2026-6582", + "first_seen": "2026-06-29", + "suggested_action": "block", + "promote_to": "watch_only", + "blacklist_id": "MAL-2026-6582", + "affected_versions": [ + "1.3.2" + ], + "action": "BLOCK", + "severity": "CRITICAL", + "notes": "OSV-confirmed malicious package (MAL-2026-6582). Reported by: amazon-inspector, Amazon Inspector. Review affected versions before promoting to AS-008." + } +]