MAL-2026-3373 Malicious code in owa-analytics-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 644a42250298e29b58f2cfe75c1d362637e2c31f1a1ef9b9cfbe5d9ff0475fb8 The package owa-analytics-utils was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in mrdaa-frontend (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 757aca74d8d75ecde7421f2c632969a5b34c11a279d9d28b75755c2ca0825ceb The package mrdaa-frontend was found to contain malicious code. Source: ghsa-malware 0b6c586cd7adad52516658de8bbb3eb18f166350414f223fd73fe34a240d6948...

Malicious code in 24712-pl5006 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d2546cdc76edb1f8a93dcf66c855ca6246bb0d4ed76c72a7fd3c1aec44f34761 The package 24712-pl5006 was found to contain malicious code. Source: ossf-package-analysis...

ClawGuard: Out-Of-Band Detection of LLM Agent Workflow Hijacking Via EM Side Channel

Autonomous LLM agents face a critical security risk known as workflow hijacking, where attackers subtly alter tool and skill invocations. Existing defenses rely on host-internal telemetry such as audit logs, which can be forged if the host OS is compromised. To solve this, we introduce ClawGuard,...

CVE-2026-36341

CVE-2026-36341 : Webkul Krayin CRM 2.1.5 contains a Cross-Site Scripting (XSS) flaw in the comment input during Activity creation via the /admin/activities/create endpoint. The root cause is inadequate sanitization of user-supplied input in the comment field. The CVSS v3.1 base score is 5.4 (Medi...

Webkul Krayin CRM 跨站脚本漏洞

Webkul Krayin CRM is a free and open-source CRM solution for small and medium-sized businesses developed by the Indian company Webkul. Version 2.1.5 of Webkul Krayin CRM contains a cross-site scripting vulnerability. This vulnerability arises from the lack of cleanup of user input during the...

CVE-2026-36341

Cross-Site Scripting XSS vulnerability exists in Webkul Krayin CRM v2.1.5. The application fails to sanitize user-supplied input in the comment field during Activity creation on the /admin/activities/create endpoint...

CVE-2026-36341

Cross-Site Scripting XSS vulnerability exists in Webkul Krayin CRM v2.1.5. The application fails to sanitize user-supplied input in the comment field during Activity creation on the /admin/activities/create endpoint...

CVE-2026-36341

Cross-Site Scripting XSS vulnerability exists in Webkul Krayin CRM v2.1.5. The application fails to sanitize user-supplied input in the comment field during Activity creation on the /admin/activities/create endpoint...

MAL-2026-3360 Malicious code in @paysafe-tracking/error-monitoring (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9c2acf9c4e0793663b7ca39f1c5c5a4646e8cecb488863494d904cdce97e01df The package @paysafe-tracking/error-monitoring was found to contain malicious code. Source: ossf-package-analysis...

Best OSINT Tools for Investigations and Threat Intelligence in 2026

Explore the best OSINT tools for your digital investigations, threat intelligence, reconnaissance, and tracking online activity in 2026...

MAL-2026-3359 Malicious code in b2bneo-rest (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 81aa2ce0b474a6829ca4aa8dca5776be81b750b88d093c610de24760671b8fb6 The package b2bneo-rest was found to contain malicious code. Source: ossf-package-analysis...

CVE-2026-44116

creationtimestamp| type| source ---|---|--- 2026-05-06 20:36:25+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3ml7kizyhld2g 2026-05-06 20:37:00+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3ml7kk3hh5o2l 2026-05-06 20:40:56+00:00| seen|...

Hackers Hate AI Slop Even More Than You Do

It's not just you. Scammers, hackers, and other cybercriminals are complaining about “AI shit” flooding platforms where they discuss cyberattacks and other illegal activity...

Malicious code in money-badger-open-rpc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8a9d70a5231934ee14ab33334a3de0db40d5520fb4ef092a5a24cbdffff9751e The package money-badger-open-rpc was found to contain malicious code. Source: ossf-package-analysis...

Exploit for CVE-2026-0300

CVE-20...

PT-2026-37634

HCL BigFix Service Management SM does not adequately sanitize or safely render spreadsheet files CSV, XLS, XLSX before processing or distributing them. An attacker could populate data fields which, when saved to a CSV file, may attempt information exfiltration or other malicious activity when...

MAL-2026-3334 Malicious code in fanduel (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b2d9b4e8ab1ef054d5774929963bc61b004f7914e48179850c51f77e67410a41 The package fanduel was found to contain malicious code. Source: ossf-package-analysis 49d980743cd761f6fb629d32e14864e720d1269e4208ec9e0f075c5e9f6eb4...

MAL-2026-3329 Malicious code in api-typings (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a549cfdf0cbbfa203632d6fe432f69fa60578b8d81b03b75c2bece912aa0c588 The package api-typings was found to contain malicious code. Source: ossf-package-analysis...

MAL-2026-3330 Malicious code in seek-pass (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector df5ea10e9459dff09eeff2b45d93b1ffa2458c8b38b7625850b5f2564e3d000f The package seek-pass was found to contain malicious code. Source: ossf-package-analysis...