Lucene search

9906 matches found

Wiz blog
added 2026/05/21 5:5 p.m. | 5 views

Claude Enterprise Meets the Security Graph: Wiz Integrates with Anthropic's Compliance API

Security and compliance teams can now monitor Claude activity directly in Wiz, extending the workflows they already rely on to AI...

5.8 AI score
Exploits 0
Circl
added 2026/05/20 3:0 a.m. | 8 views

CVE-2026-7284

creationtimestamp | type | source
---|---|---
2026-05-20 03:00:32+00:00 | seen | https://infosec.exchange/users/offseq/statuses/116604667946550443
2026-05-20 03:00:36+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mmavz62j2w2w
2026-05-20 03:00:44+00:00 | seen | ...

9.8 CVSS | 4.9 AI score | 0.00494 EPSS
Exploits 0 | References 5
OSSF Malicious Packages
added 2026/05/20 1:18 a.m. | 7 views

Malicious code in @shinzepelly/libsignal-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 957954ced5e6fb2e8ab6a666adf496ca2edc7575a4e202b593d6698b5d89809f Package impersonates the legitimate libsignal-node library description copied verbatim: "Open Whisper Systems' libsignal for Node.js" under an...

5.8 AI score
Exploits 0 | References 1
Positive Technologies
added 2026/05/20 12:0 a.m. | 9 views

PT-2026-42147

Name of the Vulnerable Software and Affected Versions: vm2 versions prior to 3.11.4. Description: A security check in nodevm.js designed to block the combination of nesting: true and require: false is bypassed because it uses strict equality options.require === false. If the require option is omitte...

10 CVSS | 6 AI score | 0.00705 EPSS
Exploits 0 | References 10
Positive Technologies
added 2026/05/20 12:0 a.m. | 8 views

PT-2026-42146

Name of the Vulnerable Software and Affected Versions: vm2 versions prior to 3.11.4. Description: An issue exists where the Symbol.for override in setup-sandbox.js only intercepts a small portion of dangerous Node.js cross-realm symbols. This is compounded by the bridge's set, defineProperty, and...

8.7 CVSS | 5.2 AI score | 0.00442 EPSS
Exploits 0 | References 7
Packet Storm News
added 2026/05/20 12:0 a.m. | 8 views

GenAI-Driven Threat Detection with Microsoft Security Copilot

Defending against today's increasingly sophisticated cyberattacks requires security analysts to continuously translate evolving attacker tradecraft into detection logic. This places defenders in a reactive posture, requiring constantly updated expertise across an increasingly fragmented security...

5.8 AI score
Exploits 0
Cvelist
added 2026/05/19 9:39 p.m. | 28 views

CVE-2026-34358 CtrlPanel: Missing Authorization on Admin Write Endpoints Allows RBAC Bypass

CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contain a broken access control vulnerability where multiple admin controllers enforce permission checks on form display methods but omit equivalent checks on the corresponding write methods, allowing any...

8.1 CVSS | 0.00297 EPSS
Exploits 0 | References 2
Circl
added 2026/05/19 9:0 p.m. | 8 views

CVE-2026-45498

creationtimestamp | type | source
---|---|---
2026-05-19 21:00:00+00:00 | seen | https://www.govcert.gov.hk/en/alertsdetail.php?id=1878
2026-05-20 10:16:09+00:00 | seen | https://cyber.gc.ca/en/alerts-advisories/microsoft-security-advisory-av26-489
2026-05-20 14:10:08+00:00 | seen | ...

7.5 CVSS | 5.5 AI score | 0.025 EPSS
Exploits 1 | References 49
OSV
added 2026/05/19 3:44 p.m. | 4 views

MAL-2026-4172 Malicious code in @piewasm/pie-web-npm-package (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis c0784e4ad568cf85bee3ae36dde67ba090887b3f18f501a518cb24911fb7be29 The OpenSSF Package Analysis project identified '@piewasm/pie-web-npm-package' @ 99.9.1 npm as malicious. It is considered malicious because: -...

5.8 AI score
Exploits 0
Patchstack
added 2026/05/19 3:16 p.m. | 4 views

WordPress WP Activity Log plugin <= 5.6.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by daroo in WordPress Plugin WP Activity Log versions <= 5.6.3...

6.5 CVSS | 5.8 AI score | 0.00171 EPSS
Exploits 0 | Affected Software 1
OSV
added 2026/05/19 1:48 p.m. | 3 views

MAL-2026-4169 Malicious code in paysafe-gbp-virtual-assistant-lib-fe (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 940faf3ecfa6ee3c09c995a5f124d4a3b53bf2e2e5eaccea8156ce7bd25494eb The package paysafe-gbp-virtual-assistant-lib-fe was found to contain malicious code. Source: ossf-package-analysis...

5.8 AI score
Exploits 0
OSSF Malicious Packages
added 2026/05/19 8:0 a.m. | 6 views

Malicious code in identitysecuretokenserv (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2704e731d0b82aa5927cf3713f741111b03fe8efb2d886cb0ef472a24705c5e3 The package identitysecuretokenserv was found to contain malicious code. Source: ossf-package-analysis...

5.8 AI score
Exploits 0
ICS
added 2026/05/19 6:0 a.m. | 16 views

ScadaBR

ADVISORY SUMMARY: Successful exploitation of these vulnerabilities could allow an attacker to perform unauthenticated remote code execution. 2. RECOMMENDED PRACTICES: CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Minimize network...

6.3 AI score
Exploits 0 | References 13
OSV
added 2026/05/19 12:0 a.m. | 3 views

MAL-2026-3856 Malicious code in @antv/calendar-heatmap (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

5.8 AI score
Exploits 0 | References 4
Microsoft Secure
added 2026/05/18 10:42 p.m. | 38 views

How Storm-2949 turned a compromised identity into a cloud-wide breach

In this article 1. Attack chain overview 1. Cloud compromise: Microsoft Entra ID and Microsoft 365 2. Initial access and persistence through targeted social engineering and SSPR abuse 3. Directory discovery and persistence 4. Microsoft 365 discovery and exfiltration 5. Cloud compromise: Microsoft...

6.1 AI score
Exploits 0
Circl
added 2026/05/18 11:39 a.m. | 6 views

CERTFR-2026-ACT-022

creationtimestamp | type | source
---|---|---
2026-05-18 11:39:08+00:00 | seen | https://bsky.app/profile/cert-fr.bsky.social/post/3mm4s3dwvnz2n
2026-05-18 11:39:09+00:00 | seen | https://social.numerique.gouv.fr/users/certfr/statuses/116595382450086436
...

5.8 AI score
Exploits 0 | References 2
HackRead
added 2026/05/18 11:15 a.m. | 8 views

The Gentlemen Ransomware Gang Hit by Internal Breach, Operations Exposed

The Gentlemen ransomware gang suffered an internal breach in May 2026, exposing victim data, affiliate activity, and backend operations...

5.8 AI score
Exploits 0
OSSF Malicious Packages
added 2026/05/17 1:52 a.m. | 7 views

Malicious code in clementine-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 24a589617ff547a464cb26e7d9a5675151e221ab5d144088fbc60cb0fbe41135 The package clementine-sdk was found to contain malicious code. Source: ghsa-malware aee6ab0f050d475e499cb88539f229969e72affe6313b116693e5da3fa7c7a4c...

5.8 AI score
Exploits 0 | References 1
OSSF Malicious Packages
added 2026/05/17 1:43 a.m. | 8 views

Malicious code in citrea-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fd20c7509b081678aafda4ba6ba713f0604260082e2a52d79f0fb94a49a2ba52 The package citrea-sdk was found to contain malicious code. Source: ghsa-malware da76b8e09db42c5bea1b9b971c8ea392e906f297b2931f289c3960ffc04a6e3f Any...

5.8 AI score
Exploits 0 | References 1
OSSF Malicious Packages
added 2026/05/16 8:25 p.m. | 5 views

Malicious code in @citi-icg-158830/icgds-react-css (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6255b5d27ddf97d5093328983d54e39a05ce73176cdc472aa2df8499fa506f1e The package @citi-icg-158830/icgds-react-css was found to contain malicious code. Source: ghsa-malware...

5.8 AI score
Exploits 0 | References 1