← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
wormsign — supply-chain: npm:auth0-acul-react-bad
WHITE w0rmsign 2026-05-30 Modified: 2026-05-30
4
IOCs
LOW VOLUME
Wormsign detonated npm:auth0-acul-react-bad in a network-sandboxed environment. Observed 4 indicator(s); 3 appear novel against OTX as of submission. The malicious package was published to the npm registry and is included in our open supply-chain indicator feed. Full context, per-IOC tier classification, and the detonation card with MITRE TTPs: https://wormsign.io/portfolio/auth0-acul-react-bad. TLP:CLEAR — indicators only, no malware samples.
wormsignsupply-chainnpmpackage-compromise
Indicators of Compromise (4)
All URL FileHash-SHA256
TYPEINDICATORDESCRIPTIONCREATED
URL https://deepwiki.com/badge.svg observed during wormsign detonation of auth0-acul-react-bad 2026-05-30
URL https://deepwiki.com/auth0/universal-login observed during wormsign detonation of auth0-acul-react-bad 2026-05-30
FileHash-SHA256 a683ef7080fdca263e97126d27b6af519b2fc1fa7b992fec20d271535ae061ce observed during wormsign detonation of auth0-acul-react-bad 2026-05-30
FileHash-SHA256 dbc9062fd7112c4c95f87ce3486e1fd2b6c79c9c1b8e76dcc8206847c8c22c45 observed during wormsign detonation of auth0-acul-react-bad 2026-05-30
References (2)
↗ https://wormsign.io/portfolio/auth0-acul-react-bad ↗ https://wormsign.io