Malicious code in livekit-agents (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5abf921f58c69745fee91e812853b493a282f3d42f55db38516ba54b827ea35b The unscoped npm package livekit-agents advertises itself in README as the official LiveKit Agents SDK and links to livekit.io documentation, but the...

MAL-2026-6555 Malicious code in livekit-agents (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5abf921f58c69745fee91e812853b493a282f3d42f55db38516ba54b827ea35b The unscoped npm package livekit-agents advertises itself in README as the official LiveKit Agents SDK and links to livekit.io documentation, but the...

New SharkLoader Malware Deploys Cobalt Strike in StrikeShark Cyberattacks

A newly discovered cyber attack campaign has been observed delivering a previously undocumented malware family called SharkLoader that acts as a loader for deploying Cobalt Strike Beacon on compromised hosts. Kaspersky, which is tracking the activity under the moniker StrikeShark , said the...

CVE-2026-53113

A flaw was found in the Linux kernel's ath11k Wi-Fi driver. Specifically, the ath11kmacsetupbcntmplema and ath11kmacsetupbcntmplmbssid functions, responsible for setting up beacon templates, fail to release allocated memory when an error occurs during parameter setup. This oversight can lead to...

MAL-2026-6512 Malicious code in react-context-form-tdsss (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7a53e75a65681ee9ea818634ddee1ed52c6c8398dbd68e2b6abca255b24aaf37 [email protected] is a dependency-confusion payload. package.json declares scripts.preinstall="node index.js", and index.js issues an...

MAL-2026-6480 Malicious code in gx-npm-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e919710d2f28ec776b8165821ebe2fbe480c1e432ec9416c7b73bd1315ee6a6e Package published at version 99.99.99 under a generic name gx-npm-lib — the canonical dependency-confusion shape used to overshadow internal packages...

MAL-2026-6466 Malicious code in gx-npm-feature-flags (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7fcad1b944d9ceb92389673398df9f471911a788fe608774a3298c69900bb1c7 [email protected] is a dependency-confusion squat max-semver 99.99.99 on a gx--prefixed name to outrank a private internal package that...

Linux Distros Unpatched Vulnerability : CVE-2026-53113

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wifi: ath11k: fix memory leaks in beacon template setup The functions ath11kmacsetupbcntmplema and ath11kmacsetupbcntmplmbssid allocate memory for beacon...

EUVD-2026-38981

In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix memory leaks in beacon template setup The functions ath11kmacsetupbcntmplema and ath11kmacsetupbcntmplmbssid allocate memory for beacon templates but fail to free it when parameter setup returns an error. Since...

EUVD-2026-38980

In the Linux kernel, the following vulnerability has been resolved: wifi: rtlwifi: pci: fix possible use-after-free caused by unfinished irqpreparebcntasklet The irqpreparebcntasklet is initialized in rtlpciinit and scheduled when RTLIMRBCNINT interrupt is triggered by hardware. But it is never...

Malicious code in hs-locale-management (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1d717c264a1c338c3b3fee43c13e43eba24cafbdabf34f62108bbd99e05c6b1b Package targets the internal-sounding name 'hs-locale-management' on the public npm registry at an inflated version 99.99.99-poc3, the canonical...

MAL-2026-6394 Malicious code in hs-locale-management (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1d717c264a1c338c3b3fee43c13e43eba24cafbdabf34f62108bbd99e05c6b1b Package targets the internal-sounding name 'hs-locale-management' on the public npm registry at an inflated version 99.99.99-poc3, the canonical...

MAL-2026-6295 Malicious code in kdrive-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3e7d5af5ddf22d4481fca4847a45189e6160a723341b32dcbb6bf51b49f53943 package.json declares a preinstall lifecycle script that auto-executes on npm install and runs wget -q -O-...

Malicious code in kdrive-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3e7d5af5ddf22d4481fca4847a45189e6160a723341b32dcbb6bf51b49f53943 package.json declares a preinstall lifecycle script that auto-executes on npm install and runs wget -q -O-...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: Staging: rtl8723bs: Fixed an out-of-bounds read during the parsing of the OnBeacon Extended Supported Rates ESR extension. The handling of the ESR extension during the OnBeacon phase involves accessing p + 1 + ielen and p + 2 +...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Do not finalize the CSA in IBSS mode if the state is disconnected. When we are not connected to a channel, sending the “switch” announcement doesn’t make any sense. The BSS list is empty in that case. This causes...

Astra Linux – Vulnerabilities in Linux, Linux-6.1, Linux-5.15

In the Linux kernel, the following vulnerability has been resolved: Wifi: wfx: Fixed a possible NULL pointer dereferencing in wfxsetmfpap. Since 'ieee80211beaconget' may return NULL, wfxsetmfpap should check the return value before examining the skb data. Therefore, the latter function should...

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.10, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Wifi: cfg80211: A use-after-free issue was addressed in the cmpbss function. This issue was introduced due to a quiriness related to the bssfree function introduced in commit 776b3580178f „cfg80211: Properly track hidden SSID...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Wifi: rtw89 – fixed the potential zero beacon interval in beacon tracking. During fuzz testing, it was discovered that bssconf-beaconint might be zero, which could lead to a division by zero error in subsequent calculations. If t...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: Wifi: rt2x00 – The beacon queue is restarted when a hardware reset occurs. When a hardware reset is triggered, all registers are reset, causing all queues to be stopped in the hardware interface. However, mac80211 does not...