Malicious code in weavedb-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c25ff456baf684075b65ecf808bbfe36cbf91811fb4b04b70c13a3dd9d8a9403 package.json declares "preinstall": "./tools/setup", where tools/setup is a 976KB stripped Linux x86-64 ELF binary sha256...
Malicious code in codefrequencychecker (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 4202ead7b36e01a039c10a9379f617de02b50d5a69d5923652cfafb6f22067b6 Package exfiltrates browser cookies and passwords, and starts a Telegram bot allowing re-exfiltrating later. --- Category: MALICIOUS - The campaign has clearly...
MAL-2026-126 Malicious code in codefrequencychecker (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 4202ead7b36e01a039c10a9379f617de02b50d5a69d5923652cfafb6f22067b6 Package exfiltrates browser cookies and passwords, and starts a Telegram bot allowing re-exfiltrating later. --- Category: MALICIOUS - The campaign has clearly...
Phantom Stealer Spread by ISO Phishing Emails Hitting Russian Finance Sector
Cybersecurity researchers have disclosed details of an active phishing campaign that's targeting a wide range of sectors in Russia with phishing emails that deliver Phantom Stealer via malicious ISO optical disc images. The activity, codenamed Operation MoneyMount-ISO by Seqrite Labs, has primari...
ToddyCat: your hidden email assistant. Part 1
Introduction: Email remains the main means of business correspondence at organizations. It can be set up either using on-premises infrastructure (for example, by deploying Microsoft Exchange Server) or through cloud mail services such as Microsoft 365 or Gmail. However, some organizations do not...
EUVD-2019-9915
Malware in sbrugna...
EUVD-2016-5631
Malware in sbrugna...
EUVD-2022-4255
Malicious code in bioql PyPI...
Cookies and how to bake them: what they are for, associated risks, and what session hijacking has to do with it
When you visit almost any website, you'll see a pop-up asking you to accept, decline, or customize the cookies it collects. Sometimes, it just tells you that cookies are in use by default. We randomly checked 647 websites, and 563 of them displayed cookie notifications. Most of the time, users...
CVE-2022-27225
Gradle Enterprise before 2021.4.3 relies on cleartext data transmission in some situations. It uses Keycloak for identity management services. During the sign-in process, Keycloak sets browser cookies that effectively provide remember-me functionality. For backwards compatibility with older Safar...
CVE-2019-1357
A spoofing vulnerability exists when Microsoft Browsers improperly handle browser cookies, aka 'Microsoft Browser Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0608...
MAL-2025-191922 Malicious code in voipms-service (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 6482a67f89f2d1c1c86faa07e57079b58fc63b84013774eeced6ed752da99ba3 The package pretends to do something meaningful, but in fact, just exfiltrates users' cookies from the browser --- Category: MALICIOUS - The campaign has clear...
Malicious code in voipms-service (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 6482a67f89f2d1c1c86faa07e57079b58fc63b84013774eeced6ed752da99ba3 The package pretends to do something meaningful, but in fact, just exfiltrates users' cookies from the browser --- Category: MALICIOUS - The campaign has clear...
Vietnamese Hacker Group Deploys New PXA Stealer Targeting Europe and Asia
A Vietnamese-speaking threat actor has been linked to an information-stealing campaign targeting government and education entities in Europe and Asia with a new Python-based malware called PXA Stealer. The malware "targets victims' sensitive information, including credentials for various online...
MAL-2024-9952 Malicious code in browser-cookies3 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 ac253e47b0fa143074f6239c3c84b3ecd3521d37f71c4f92937f53cafc5067b5 Package contains a compiled infostealer that is started instead of promised functionality --- Category: MALICIOUS - The campaign has clearly malicious intent,...
MAL-2024-9951 Malicious code in browser-cookies1 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 5cabd14fc21e5314fd1778bac4e49f0cb8a145e773e147666070d85aa60e422c Package contains a compiled infostealer that is started instead of promised functionality --- Category: MALICIOUS - The campaign has clearly malicious intent,...
Cookie-Monster - BOF To Steal Browser Cookies & Credentials
Steal browser cookies for Edge, Chrome and Firefox through a BOF or exe! Cookie-Monster will extract the WebKit master key, locate a browser process with a handle to the Cookies and Login Data files, copy the handles and then filelessly download the target. Once the Cookies/Login Data files are...
Mozilla: Multipart HTTP Responses would accept the Set-Cookie header in response parts
The Mozilla Foundation Security Advisory describes this flaw as: Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie respon...
Vietnamese Cybercriminals Targeting Facebook Business Accounts with Malvertising
Malicious actors associated with the Vietnamese cybercrime ecosystem are leveraging advertising-as-a-vector on social media platforms such as Meta-owned Facebook to distribute malware. "Threat actors have long used fraudulent ads as a vector to target victims with scams, malvertising, and more,"...
New Atomic Stealer MacOS malware Steals Browser Cookies and Cryptocurrency Wallets
Summary: Atomic Stealer malware is a full-featured infostealer designed to steal sensitive data from macOS users. The malware can grab account passwords, browser data, session cookies, and crypto-wallets. To...