2178 matches found
EUVD-2025-198776
Malicious code in discord-bot-server npm...
MAL-2025-190769 Malicious code in discord-bot-server (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 776ab082f80b19df2b2fcc6ab43b00b9ca8bfa0f5ca3d9154efb2aa7de6ee7db The package discord-bot-server was found to contain malicious code. Source: ghsa-malware...
MAL-2025-191875 Malicious code in speed-testing-vps (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 227b3ee25e084b57a160b7287f80a8ab8da0559184c81b5e9cae1d03941ca51b The package, distinguished as a speed testing or typosquatted Telegram library, contains a Telegram bot to perform remote control of the computer --- Category:...
Malicious code in speed-testing-vps (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 227b3ee25e084b57a160b7287f80a8ab8da0559184c81b5e9cae1d03941ca51b The package, distinguished as a speed testing or typosquatted Telegram library, contains a Telegram bot to perform remote control of the computer --- Category:...
Malicious code in kdewebhelper (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 da8701a407522875f63d2aaa28d27194fe8e2faa4d7782fd66639f224ae62dcd Importing the module connects to a Telegram bot and provides its operator with abilities to execute commands, exfiltrate and encrypt data. The target group see...
MAL-2025-191772 Malicious code in kdewebhelper (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 da8701a407522875f63d2aaa28d27194fe8e2faa4d7782fd66639f224ae62dcd Importing the module connects to a Telegram bot and provides its operator with abilities to execute commands, exfiltrate and encrypt data. The target group see...
Bot Management for the Agentic Era
...
WordPress ArtiBot Free Chat Bot for WebSites plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. The WordPress ArtiBot Free Chat Bot for WebSites plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and...
Cline Bot AI Agent Vulnerable to Data Theft and Code Execution
Mindgard reveals 4 critical security flaws in the popular Cline Bot AI coding agent. Learn how prompt injection can hijack the tool for API key theft and remote code execution...
CVE-2025-12078
The ArtiBot Free Chat Bot for WebSites plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PostMessage in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
EUVD-2025-197933
The ArtiBot Free Chat Bot for WebSites plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PostMessage in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
WordPress plugin ArtiBot Free Chat Bot for WebSites 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. The WordPress ArtiBot Free Chat Bot for WebSites plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and...
WordPress ArtiBot Free Chat Bot for WebSites plugin <= 1.1.7 - Reflected Cross-Site Scripting via PostMessage vulnerability
Reflected Cross-Site Scripting via PostMessage vulnerability discovered by Nicolai Hellesnes nico in WordPress Plugin ArtiBot versions = 1.1.7...
CVE-2025-40138
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid NULL pointer dereference in f2fscheckquotaconsistency syzbot reported a f2fs bug as below: Oops: gen 107.736417 T5848 Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 ...
MAL-2025-182193 Malicious code in gociay-unga-fugiufcgiaga (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d623b8122fcd8f439c7ff440d4925865408fc94bb86bf0b21e364df9b2f83fd7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-161035 Malicious code in musik-dait-bot (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5345333170d823915e8b650dd3ba6878743d12947925b59b6c1dfc44f3e15c21 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in galih-mangut54-riris (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 554e4fd3e0a13ccbd91095ff25735713ba91902f67fd3fc6e4a848db89add8c7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
How credentials get stolen in seconds, even with a script-kiddie-level phish
This attempt to phish credentials caught our attention, mostly because of its front-end simplicity. Even though this is a script-kiddie-level type of attack, we figured it was worth writing up—precisely because it’s so easy to follow what they're up to. The email is direct and to the point. Not a...
kernel: vxlan: check vxlan_vnigroup_init() return value
In the Linux kernel, the following vulnerability has been resolved: vxlan: check vxlanvnigroupinit return value vxlaninit must check vxlanvnigroupinit success otherwise a crash happens later, spotted by syzbot. Oops: general protection fault, probably for non-canonical address 0xdffffc000000002c:...
CAHICHA: Computer Automated Hardware Interaction Test to Tell Computer and Humans Apart
As automation bot technology and Artificial Intelligence is evolving rapidly, conventional human verification techniques like voice CAPTCHAs and knowledge-based authentication are becoming less effective. Bots and scrapers with Artificial Intelligence AI capabilities can now detect and solve visu...