Malicious code in lazmat (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 292e8512aa9e77a20a04a58cee3529ea31b9451e5c9067bbad7be57b5eb8c7fb Importing the module starts a telegram bot that connects to a chat and executes provided commands --- Category: MALICIOUS - The campaign has clearly malicious...

MAL-2025-191779 Malicious code in lazmat (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 292e8512aa9e77a20a04a58cee3529ea31b9451e5c9067bbad7be57b5eb8c7fb Importing the module starts a telegram bot that connects to a chat and executes provided commands --- Category: MALICIOUS - The campaign has clearly malicious...

MAL-2025-191759 Malicious code in hkmat (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c3c3063747c35c5ae091331ac2c35dbef66c945aca73b06ee32ef1f0ec088009 Importing the module starts a telegram bot that connects to a chat and executes provided commands --- Category: MALICIOUS - The campaign has clearly malicious...

Malicious code in hkmat (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c3c3063747c35c5ae091331ac2c35dbef66c945aca73b06ee32ef1f0ec088009 Importing the module starts a telegram bot that connects to a chat and executes provided commands --- Category: MALICIOUS - The campaign has clearly malicious...

MAL-2025-191750 Malicious code in hekamhelp (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ac329f6244d2faf82ef12a167d1b46de2a9043fb1c086b67a45458d75d227562 Importing the module starts a telegram bot that connects to a chat and executes provided commands --- Category: MALICIOUS - The campaign has clearly malicious...

Malicious code in hekamhelp (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ac329f6244d2faf82ef12a167d1b46de2a9043fb1c086b67a45458d75d227562 Importing the module starts a telegram bot that connects to a chat and executes provided commands --- Category: MALICIOUS - The campaign has clearly malicious...

Malicious code in talbat (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 fa560ce194b853d26b02cc7a6fc99298c2b1de4516a8beb84b84475aa1fb23b3 Importing the module starts a telegram bot that connects to a chat and executes provided commands --- Category: MALICIOUS - The campaign has clearly malicious...

MAL-2025-191885 Malicious code in talbat (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 fa560ce194b853d26b02cc7a6fc99298c2b1de4516a8beb84b84475aa1fb23b3 Importing the module starts a telegram bot that connects to a chat and executes provided commands --- Category: MALICIOUS - The campaign has clearly malicious...

CVE-2025-53943

VoidBot Open-Source is a customizable Discord bot. VoidBot Open-Source versions 0.0.1 through 0.8.1 contain a vulnerability in the command handler where permission checks are not properly enforced for certain administrative commands. This allows users without the required roles or privileges to...

GHSA-77RM-9X9H-XJ3G

creationtimestamp| type| source ---|---|--- 2025-07-16 07:57:46+00:00| seen| https://gist.github.com/safer-bot/77d94a9af1e1eb4557c057300da0a0ec 2025-07-16 14:01:42+00:00| seen| https://gist.github.com/safer-bot/7ddb036557afbccff4b128b5c0cf2325 2025-07-16 21:53:54+00:00| seen|...

GHSA-2X83-R56G-CV47

creationtimestamp| type| source ---|---|--- 2025-07-16 03:12:23+00:00| seen| https://gist.github.com/safer-bot/79174d0c201539d79b25fe0f667fa43e 2025-07-16 03:39:54+00:00| seen| https://gist.github.com/safer-bot/2d5f96fb1f5118b0adf472cee7a0dff8 2025-07-16 09:53:00+00:00| seen|...

McDonald’s AI Hiring Bot Exposed Millions of Applicants' Data to Hackers Using the Password ‘123456’

Basic security flaws left the personal info of tens of millions of McDonald’s job-seekers vulnerable on the “McHire” site built by AI software firm Paradox.ai...

SUSE CVE-2025-2571

Mattermost versions 10.7.x = 10.7.0, 10.6.x = 10.6.2, 10.5.x = 10.5.3, 9.11.x = 9.11.12 fail to clear Google OAuth credentials when converting user accounts to bot accounts, allowing attackers to gain unauthorized access to bot accounts via the Google OAuth signup flow...

Agentic AI Is Here — and It’s Shaping the Future of Bot Defense

...

GHSA-WF8F-6423-GFXG

creationtimestamp| type| source ---|---|--- 2025-06-17 13:11:06+00:00| seen| https://gist.github.com/safer-bot/227b935768f4907b3da218450ed38465 2025-07-07 04:47:43+00:00| seen| https://gist.github.com/safer-bot/d7517da551eae1157b9e505894777990 2025-07-16 04:34:54+00:00| seen|...

GHSA-PQ2G-WX69-C263

creationtimestamp| type| source ---|---|--- 2025-06-17 13:11:06+00:00| seen| https://gist.github.com/safer-bot/227b935768f4907b3da218450ed38465 2025-07-07 04:47:43+00:00| seen| https://gist.github.com/safer-bot/d7517da551eae1157b9e505894777990 2025-07-16 03:34:12+00:00| seen|...

CVE-2025-5815

The Traffic Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tfcmmaybesetbotflags function in all versions up to, and including, 3.2.2. This makes it possible for unauthenticated attackers to disabled bot logging...

CVE-2025-5815 Traffic Monitor <= 3.2.2 - Missing Authorization to Unauthenticated Settings Update

The Traffic Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tfcmmaybesetbotflags function in all versions up to, and including, 3.2.2. This makes it possible for unauthenticated attackers to disabled bot logging...

CVE-2025-5815 Traffic Monitor <= 3.2.2 - Missing Authorization to Unauthenticated Settings Update

The Traffic Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tfcmmaybesetbotflags function in all versions up to, and including, 3.2.2. This makes it possible for unauthenticated attackers to disabled bot logging...

CVE-2025-5815

The Traffic Monitor plugin for WordPress (up to version 3.2.2) is vulnerable due to a missing capability check in the tfcm_maybe_set_bot_flags()/tfcm_set_bot_flags AJAX path, allowing unauthenticated attackers to disable bot logging. This is an unauthenticated remote modification risk affecting t...