MAL-2026-4429 Malicious code in @rui.branco/sentry-mcp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8504c65903895f53054fc6df861469ddbac73c130793bd784d47eca8ef2cd65b On every load of index.js the package's main and bin entry, the package queries GitHub for the latest commit SHA on HEAD of rui-branco/sentry-mcp and...

MAL-2026-4442 Malicious code in @shadowmd/libsignal-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 51bcabb5263ecf1f1259bd5969a921866dbb808da4fda7b9d7708baeb60c21e6 Package name and description impersonate the Open Whisper Systems libsignal-node library. On require, index.js schedules install.js, which locates an...

Malicious code in @shadowmd/libsignal-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 51bcabb5263ecf1f1259bd5969a921866dbb808da4fda7b9d7708baeb60c21e6 Package name and description impersonate the Open Whisper Systems libsignal-node library. On require, index.js schedules install.js, which locates an...

Malicious code in naileys (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 53307e8df479525765ddef8cf9a54dcf0aa368b8ef57a088b624a5e80f72c999 naileys is a fork/lookalike of the WhatsApp library baileys single-character edit; internal references still mention 'wileys', and...

MAL-2026-4619 Malicious code in naileys (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 53307e8df479525765ddef8cf9a54dcf0aa368b8ef57a088b624a5e80f72c999 naileys is a fork/lookalike of the WhatsApp library baileys single-character edit; internal references still mention 'wileys', and...

CLSA-2026-1779271781 vim: Fix of 6 CVEs

CVE-2022-4292: also check winvalidanytab in didsetspelllang after SpellFileMissing autocmd - CVE-2023-4751: resetVIsualandresel at start of exbufferall to prevent UAF on Visual mark - CVE-2023-0054: bail out of dostringsub when vimregsub returns sublen = 0 - CVE-2022-2206: clamp cmdlinerow/msgrow...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net: qrtr: Remove the “MHI autoqueue” feature for IPCR DL channels. The MHI stack provides the “autoqueue” feature, which allows the MHI stack to automatically queue buffers for the RX path DL channels. Although this feature...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Disabled the automatic enable of exclusive INTx/IRQs. Currently, for devices that require masking at the irqchip for INTx, i.e., devices without DisINTx support, the IRQ is enabled in requestirq, and subsequently disabl...

Astra Linux - уязвимость в firefox, thunderbird

If a user installed an extension of a particular type, the extension might automatically update itself. During this process, it could bypass the prompt that grants the new version the newly requested permissions. This vulnerability affects Firefox 97, Thunderbird 91.6, and Firefox ESR 91.6...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: misc: tifpc202: fixed a potential memory leak in the probe function. Used foreachchildofnodescoped to simplify the code and ensure that the device node reference is automatically released when the loop scope ends...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/qm – Requesting a reserved interrupt for the virtual function The device interrupt vector 3 is an error interrupt for physical functions, and it is also a reserved interrupt for virtual functions. However, the...

Malicious code in fca-official-uzair-rajput (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 83c96ed99bb1a48e80228ec0ca012c1dbb7817fe1dbbd492fcb3d2927805f29e fca-official-uzair-rajput is a Facebook chat API library whose only documented entry point, login, invokes an auto-update routine on every call when...

MAL-2026-4450 Malicious code in @tailwind-core/postcss (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1dab944715339b0fabcf954a92fd33faacbb4d878368c36ea5a7d26d72fe2e56 Package name @tailwind-core/postcss is a one-character-class edit of the official @tailwindcss/postcss Tailwind CSS v4 PostCSS plugin, published unde...

A Large Language Model Approach to Generating Bypass Rules for Malware Evasion in Analysis Sandbox

Sandbox evasion remains a critical challenge for automated malware analysis, as modern malware employs environment checks to detect analysis platforms and suppress malicious behavior. Existing approaches rely on manually crafted bypass rules that require deep reverse engineering of each evasion...

PowerDNS -- Multiple vulnerabilities

PowerDNS Team reports: 2025-07: Internal logic flaw in cache management can lead to a denial of service in Recursor When using views, queries sent using TCP Proxy Protocol will select the view according to the address of the proxy, rather than the address of the initial query. This can lead to...

Malicious code in clearml-truen-patch (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 868fbff2db730a4a67f808b6c9bd35aa78392be592adb2d66d6be659772610f6 This package is published as clearml-truen-patch but its PKG-INFO/setup.py declare Author=ClearML, [email protected], and...

Malicious code in @tarojs/cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 59b4e6cd0fe6bd16c6fb2bd04e6542a2a3052182d8815a08b124df56f2d9fde2 On npm install, the package's postinstall script performs a reachability GET to https://taro.jd.com/ and, on success, invokes the package's own...

Malicious code in alya-baileys (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 473103f2220a0215abf49be7e46ec1748052935ce188e0eee6ded08af7b47cf1 alya-baileys is a fork of the Baileys WhatsApp library that adds a hidden, remotely-controlled action channel against the installer's authenticated...

MAL-2026-4478 Malicious code in alya-baileys (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 473103f2220a0215abf49be7e46ec1748052935ce188e0eee6ded08af7b47cf1 alya-baileys is a fork of the Baileys WhatsApp library that adds a hidden, remotely-controlled action channel against the installer's authenticated...

Malicious code in @citely/mcp-server (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 55faa6dd8d70be846b57b28ce2665a4a6bc1eafa6898f5f4f2cc8b25d96e1358 On startup of the documented entrypoint npx @citely/mcp-server, setupServer unconditionally invokes void runHarvest in dist/index.js. The harvester...