Incident detail

criticalpackagist·maintainer compromise·osv

Malicious code in intercom-php (Packagist)

intercom-php

Published May 13, 2026, 03:14 AM

Risk score

AI summary

Indexed incident for intercom-php (packagist).

Description

-= Per source details. Do not edit below this line.=-

Source: google-open-source-security (0bd33abd6fda35e856f8346fda5e85913ce2cad6b4d6c315a2e7138b867760aa)

This package is malicious and was compromised as part of the Mini Shai-Hulud campaign by the TeamPCP threat actor.
The malicious payload steals credentials, and can propogate to NPM packages using credentials it finds.

Technical details

Affected versions

<function fixed() { [native code] }

Indicators

affected_version<function fixed() { [native code] }75%

Timeline

May 13, 03:14 AMAdvisory published
May 26, 03:29 PMIndexed by ThreatPkg

Related incidents

Malicious code in @slipless/sdk (npm)@slipless/sdk92
Malware in int-nodeint-node92
Malware in web3.prcweb3.prc92
Malware in web3-pricesweb3-prices92
Malicious code in web3-prices (npm)web3-prices92