47 matches found
Measuring Onion Website Discovery and Tor Users' Interests with Honeypots
Tor enables anonymous web browsing and access to anonymous onion websites. Prior work has focused on crawling and content analysis rather than on what users actually try to access. Our honeypot approach measures engagement across onion-site categories, revealing behavioral interest rather than...
Malicious code in avomainah-fras-ofafau (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 799c1ad4ae1b70b0aea0225d7f5565dd9940cbfd28ef0a1995d25c2bfa1c846b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-146148 Malicious code in phoebe-dactyl-hydra-uglify-js (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 15069d6c517ba07a6ed22a9fc3941b90f3ed7cd9171a1029f4f45dd9c8976e82 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-97674 Malicious code in cockroach_blue-64-tisubasah (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b2d88ce984e9b31308833bc84a862bf25070a219ac93d4280243e2839b3ef01c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-89737 Malicious code in putri-oncom20-riris (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a2492eeb168d915836c877df8eee5fe714ef452e3c02e3e00a0e769ef0fec331 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-72736 Malicious code in erick-brengkes75-breki (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ba236b4490badfb2ee6d1da615e036d8e5cbea0005bb22b73b9cf9886e8f77f2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in gilang-ubi37-breki (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bb6e187f69a31fc2f731b6af3e790e01d8528fd30288441512b5ebf89156e2d1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in soft-jade-takin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 22d760d82d6cf5c00e004c217760aac7e00abd68e29199fff3fc9712d4724483 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
USB: a Comprehensive and Unified Safety Evaluation Benchmark for Multimodal Large Language Models
Despite their remarkable achievements and widespread adoption, Multimodal Large Language Models (MLLMs) have revealed significant security vulnerabilities, highlighting the urgent need for robust safety evaluation benchmarks. Existing MLLM safety benchmarks, however, fall short in terms of data...
May 23, 2024—KB5039705 (OS Build 17763.5830) Out-of-band - EXPIRED
May 23, 2024—KB5039705 (OS Build 17763.5830) Out-of-band - EXPIRED. EXPIRATION NOTICE. IMPORTANT: As of March 31, 2026, this update is no longer available from the Microsoft Update Catalog or other release channels. We recommend that you update your devices to the latest version of Windows. ...
GHSA-2JXW-4HM4-6W87 SQL injection in llama-index
LlamaIndex (aka llamaindex) through 0.9.35 allows SQL injection via the Text-to-SQL feature in NLSQLTableQueryEngine, SQLTableRetrieverQueryEngine, NLSQLRetriever, RetrieverQueryEngine, and PGVectorSQLQueryEngine. For example, an attacker might be able to delete this year's student records via "Dro...
CVE-2024-23751
LlamaIndex (aka llamaindex) through 0.9.34 allows SQL injection via the Text-to-SQL feature in NLSQLTableQueryEngine, SQLTableRetrieverQueryEngine, NLSQLRetriever, RetrieverQueryEngine, and PGVectorSQLQueryEngine. For example, an attacker might be able to delete this year's student records via "Dro...
CVE-2024-23752
GenerateSDFPipeline in syntheticdataframe in PandasAI (aka pandas-ai) through 1.5.17 allows attackers to trigger the generation of arbitrary Python code that is executed by SDFCodeExecutor. An attacker can create a dataframe that provides an English language specification of this Python code. NOTE:...
SQL injection
LlamaIndex (aka llamaindex) through 0.9.34 allows SQL injection via the Text-to-SQL feature in NLSQLTableQueryEngine, SQLTableRetrieverQueryEngine, NLSQLRetriever, RetrieverQueryEngine, and PGVectorSQLQueryEngine. For example, an attacker might be able to delete this year's student records via "Dro...
The Japanese Financial Services Attack Landscape
Recently, we released a major report analyzing the threat landscape of Japan, the globe’s third largest economy. In that report we looked at the ways in which threat actors infiltrate Japanese companies (spoiler alert: it is often through foreign subsidiaries and affiliates) and some of the most...
[VPN Plugin] Transfer Login keeps Loading with Non-English language setting
In a Citrix Gateway VPN environment, you may observe the following issue with "Transfer Login": after clicking "Transfer" on the client VPN plugin, the button keeps spinning (loading) and gets stuck. Log investigation shows the following clues: Problem can only be observed in Non-English language setting Plugi...
[SECURITY] Fedora 34 Update: aspell-0.60.8-7.fc34
GNU Aspell is a spell checker designed to eventually replace Ispell. It can either be used as a library or as an independent spell checker. Its main feature is that it does a much better job of coming up with possible suggestions than just about any other spell checker out there for the English...
Storefront page displayed in Dutch instead of English
In certain conditions, the StoreFront web page may be displayed in a language other than English. In this instance, we are using Dutch as an example but this applies to any language...
What Google learned from 1 billion evil email scams
Google and researchers at Stanford University have released an in-depth study analysing 5 months of phishing / malware mails sent globally. "Who is targeted by email-based phishing and malware? Measuring factors that differentiate risk" looked at more than a billion mails. The results were then f...
ZenTao Pro 8.8.2 Remote Code Execution Exploit
This Metasploit module exploits a command injection vulnerability in ZenTao Pro 8.8.2 and earlier versions in order to execute arbitrary commands with SYSTEM privileges. Valid credentials for a ZenTao admin account are required. This module has been successfully tested against ZenTao 8.8.1 and...