Malicious Package in github.com/bufferzonecorp/net-helper

Q: How to fix?

Avoid using all malicious instances of the github.com/BufferZoneCorp/net-helper package.

Threat Intelligence

Attacked

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk IDSNYK-GOLANG-GITHUBCOMBUFFERZONECORPNETHELPER-16643554
published13 May 2026
disclosed13 May 2026
creditKirill Boychenko

Report a new vulnerability Found a mistake?

Introduced: 13 May 2026

New Malicious CWE-506 (opens in a new tab)

How to fix?

Avoid using all malicious instances of the github.com/BufferZoneCorp/net-helper package.

Overview

github.com/BufferZoneCorp/net-helper is a malicious package. This package contains malicious code designed to compromise developer systems and CI environments, specifically targeting GitHub Actions. The threat actor, operating under the GitHub account BufferZoneCorp, published a cluster of modules that impersonate legitimate infrastructure utilities but execute distinct malicious payloads automatically upon initialization.

Note: While earlier versions may have appeared benign to evade detection, the maintainer's intent was malicious, and all versions should be considered compromised.

References

Socket Article

CVSS Base Scores

version 4.0

version 3.1

Attack Vector (AV)
Network
Attack Complexity (AC)
Low
Attack Requirements (AT)
None
Privileges Required (PR)
None
User Interaction (UI)
None

Confidentiality (VC)
High
Integrity (VI)
High
Availability (VA)
High

Confidentiality (SC)
None
Integrity (SI)
None
Availability (SA)
None

Malicious Package Affecting github.com/bufferzonecorp/net-helper package, versions >=0.0.0

Severity