Description
NPM users of prebid 10.9.2. The malicious code attempts to redirect crypto transactions on the site to the attackers’ wallet.
Recommendation
Update the prebid.js package to the latest compatible version. Followings are version details:
- Affected version(s): = 10.9.2
- Patched version(s): 10.10.0
References
Related Issues
- Prebid-universal-creative latest on npm briefly compromised - CVE-2025-59039
- DuckDB NPM packages 1.3.3 and 1.29.2 briefly compromised with malware - CVE-2025-59037
- Compromised xrpl.js versions 4.2.1, 4.2.2, 4.2.3, 4.2.4, and 2.14.2 - CVE-2025-32965
- CKEditor 5 cross-site scripting (XSS) vulnerability in the clipboard package - CVE-2025-58064
- Tags:
- npm
- prebid.js
Anything's wrong? Let us know Last updated on September 11, 2025