VDB
GCVE-110-OSM-2026-7307
GCVE-110-OSM-2026-7307
Advisory PublishedCVSS 9.6/10
Malicious npm package 'tailwindcss-devtools' attributed to North Korea's Contagious Interview campaign (Socket). The package delivers a DPRK infostealer (BeaverTail/InvisibleFerret) that steals developer credentials and cryptocurrency wallets.
Part of North Korea's Contagious Interview campaign (Famous Chollima / DPRK-linked), tracked by Socket.
Delivery: malicious package posing as a legitimate library, pushed to targeted developers during fake job-interview coding assessments (or via typosquatting of popular packages).
Behavior: install-time and/or runtime loader retrieves and executes follow-on infostealer payloads (BeaverTail / InvisibleFerret family), harvesting developer credentials, browser data, keychains, and cryptocurrency wallets, and establishing a backdoor for remote access.
Objective: credential theft and cryptocurrency exfiltration.
Weaknesses (CWE)
CWE-506Embedded Malicious Code
Risk Scores
CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| unknown | tailwindcss-devtools | 1.4.0 (affected) | — |
Browse GCVE Records
72,664 records in the GCVE database · Updated July 15, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.