
5327 matches found

OSV
added 2023/08/21 12:0 a.m., 9 views

MAL-2023-8039 Malicious code in vision-chart (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 22b046ac73ecbc50209ffe4bb757a9736adafeb2a51ad9123c0d8a3902374246 Malicious packages campaign since 2021 targeting developers, steals source code and secrets...

7.4 AI score
Exploits 0, References 2

OSV
added 2023/08/21 12:0 a.m., 7 views

MAL-2023-8026 Malicious code in docs-public-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx ef1db73ad9c5c4da2dd3bded796ac7c4f660ab81ff6fd5cd77f0452265d05d6f Malicious packages campaign since 2021 targeting developers, steals source code and secrets...

7.4 AI score
Exploits 0, References 2

OSV
added 2023/08/16 12:0 a.m., 11 views

MAL-2023-7940 Malicious code in school-task-tester (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 68ee519ca1ab3166481b83f77e489872146bf1fb26bfe3678f16da5e5aa169a0 Malicious packages campaign since 2021 targeting developers, steals source code and secrets Source: ghsa-malware...

7.2 AI score
Exploits 0, References 4

OSV
added 2023/08/16 12:0 a.m., 11 views

MAL-2023-7937 Malicious code in hh-dep-monitoring (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx ac7b27f86bac41db082963b72360f1c159fa5ecbaf4a72d766ae92548df697f3 Malicious packages campaign since 2021 targeting developers, steals source code and secrets Source: ghsa-malware...

7.2 AI score
Exploits 0, References 6

OSV
added 2023/08/16 12:0 a.m., 7 views

MAL-2023-8032 Malicious code in olymptrade (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 980d1b05adbe09f084ff3a74bbcdf8e7b12c80d99842d8caf74bb22009af6e38 Malicious packages campaign since 2021 targeting developers, steals source code and secrets...

7.4 AI score
Exploits 0, References 1

OSV
added 2023/08/16 12:0 a.m., 8 views

MAL-2023-7939 Malicious code in orbitplate (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx df1bde52050b0c84fcf4221afb1f77445edcbfc7e307f2eaf54fb104ce916f06 Malicious packages campaign since 2021 targeting developers, steals source code and secrets Source: ghsa-malware...

7.2 AI score
Exploits 0, References 6

OSSF Malicious Packages
added 2023/08/16 12:0 a.m., 3 views

Malicious code in olymptrade (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 980d1b05adbe09f084ff3a74bbcdf8e7b12c80d99842d8caf74bb22009af6e38 Malicious packages campaign since 2021 targeting developers, steals source code and secrets...

7.2 AI score
Exploits 0, References 1

OSV
added 2023/08/16 12:0 a.m., 8 views

MAL-2023-7931 Malicious code in career-service-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx d053ab0c6c3eb4184d3e98ecd922d23cc351f70a7df8a410d1271644721481ac Malicious packages campaign since 2021 targeting developers, steals source code and secrets Source: ghsa-malware...

7.2 AI score
Exploits 0, References 6

OSSF Malicious Packages
added 2023/08/16 12:0 a.m., 3 views

Malicious code in hh-dep-monitoring (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx ac7b27f86bac41db082963b72360f1c159fa5ecbaf4a72d766ae92548df697f3 Malicious packages campaign since 2021 targeting developers, steals source code and secrets Source: ghsa-malware...

7.1 AI score
Exploits 0, References 6

CNNVD
added 2023/08/14 12:0 a.m., 2 views

Hospital Information System Cross-Site Scripting Vulnerability

Hospital Information System is a hospital information management system organized by SourceCode and Projects. A security vulnerability exists in Code Projects Hospital Information System version 1.0 that stems from a cross-site scripting XSS vulnerability...

4.8 CVSS, 5.8 AI score, 0.00109 EPSS
Exploits 1, References 4

Hive Pro Threat Advisories
added 2023/08/09 7:3 a.m., 18 views

New Yashma Ransomware Variant Mimics WannaCry in New Attack

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A Vietnamese-origin threat actor employs a Yashma ransomware variant since June 2023, using unique GitHub-based ransom note delivery and mimicking WannaCry. This operation demonstrates the accelerated...

7 AI score
Exploits 0

OSSF Malicious Packages
added 2023/08/09 12:0 a.m., 3 views

Malicious code in ng-zulutrade-ssr (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx b7f6b1d4585de70357f4ac94823e53c6846ebaeaf161d5088e75c3fde5f7ac05 Malicious packages campaign since 2021 targeting developers, steals source code and secrets...

7.2 AI score
Exploits 0, References 2

OSV
added 2023/08/09 12:0 a.m., 10 views

MAL-2023-8031 Malicious code in ng-zulutrade-ssr (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx b7f6b1d4585de70357f4ac94823e53c6846ebaeaf161d5088e75c3fde5f7ac05 Malicious packages campaign since 2021 targeting developers, steals source code and secrets...

7.4 AI score
Exploits 0, References 2

Hacker One
added 2023/08/08 12:5 p.m., 48 views

HackerOne: HackerOne SAML signup domain enforcement bypass results in unauthorized access to HackerOne PullRequest organization

A vulnerability was discovered where SAML signup domain enforcement for new signups belonging to SAML-enabled organizations could be bypassed by appending control characters, allowing unauthorized access. This was leveraged to access the HackerOne PullRequest organization and view source code in...

7.1 AI score
Exploits 0

The Hacker News
added 2023/08/08 8:53 a.m., 44 views

New Yashma Ransomware Variant Targets Multiple English-Speaking Countries

An unknown threat actor is using a variant of the Yashma ransomware to target various entities in English-speaking countries, Bulgaria, China, and Vietnam at least since June 4, 2023. Cisco Talos, in a new write-up, attributed the operation with moderate confidence to an adversary of likely...

7.1 AI score
Exploits 0

Schneier on Security
added 2023/08/07 11:3 a.m., 20 views

Microsoft Signing Key Stolen by Chinese

A bunch of networks, including US Government networks, have been hacked by the Chinese. The hackers used forged authentication tokens to access user email, using a stolen Microsoft Azure account consumer signing key. Congress wants answers. The phrase "negligent security practices" is being tosse...

7 AI score
Exploits 0

OSV
added 2023/08/04 3:51 p.m., 26 views

CVE-2023-38497 Cargo not respecting umask when extracting crate archives

Cargo downloads the Rust project’s dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files writeable by any local...

7.9 CVSS, 6.7 AI score, 0.05657 EPSS
Exploits 0, References 10

OSV
added 2023/08/04 12:0 a.m., 11 views

MAL-2023-1056 Malicious code in binarium-crm (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 0319a4b526e85c3f33642aef37de9fb6a431f79dc995b4829c1bf12b854d8721 Malicious packages campaign since 2021 targeting developers, steals source code and secrets Source: ghsa-malware...

7.2 AI score
Exploits 0, References 2

Packet Storm
added 2023/08/04 12:0 a.m., 221 views

WordPress Forminator 1.24.6 Shell Upload

Exploit Title: WordPress Plugin Forminator 1.24.6 - Unauthenticated Remote Command Execution Date: 2023-07-20 Exploit Author: Mehmet Kelepçe Vendor Homepage: https://wpmudev.com/project/forminator-pro/ Software Link: https://wordpress.org/plugins/forminator/ Version: 1.24.6 Tested on: PHP - Mysql...

7.1 AI score
Exploits 0

0day.today
added 2023/08/04 12:0 a.m., 263 views

WordPress Forminator 1.24.6 Plugin - Unauthenticated Remote Command Execution Vulnerability

Exploit Title: WordPress Plugin Forminator 1.24.6 - Unauthenticated Remote Command Execution Exploit Author: Mehmet Kelepçe Vendor Homepage: https://wpmudev.com/project/forminator-pro/ Software Link: https://wordpress.org/plugins/forminator/ Version: 1.24.6 Tested on: PHP - Mysql - Apache2 -...

7.1 AI score
Exploits 0