Malicious code in @tiledesk/tiledesk-server (npm)

@tiledesk/tiledesk-server version 2.18.12 is a compromised release of the legitimate Tiledesk customer support platform package. This version was injected with a CI pipeline backdoor as part of the megalodon campaign — a mass GitHub repository backdooring operation targeting CI/CD runner...

MAL-2026-4228 Malicious code in @tiledesk/tiledesk-server (npm)

@tiledesk/tiledesk-server version 2.18.12 is a compromised release of the legitimate Tiledesk customer support platform package. This version was injected with a CI pipeline backdoor as part of the megalodon campaign — a mass GitHub repository backdooring operation targeting CI/CD runner...

CVE-2026-47763

creationtimestamp| type| source ---|---|--- 2026-05-21 07:16:44+00:00| published-proof-of-concept| https://github.com/pdm-project/pdm/security/advisories/GHSA-ghq2-5c67-fprm...

Malicious code in @toni77777/aora (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8566221a9ab9a1cb01b0f23e2af4b140d2e97310701b8c9a8f4bed1481fb22b2 On npm install, scripts/postinstall.js fetches a platform-specific executable from https://github.com/yourusername/aora/releases/download/v0.1.0/,...

MAL-2026-4458 Malicious code in @toni77777/aora (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8566221a9ab9a1cb01b0f23e2af4b140d2e97310701b8c9a8f4bed1481fb22b2 On npm install, scripts/postinstall.js fetches a platform-specific executable from https://github.com/yourusername/aora/releases/download/v0.1.0/,...

CVE-2026-45250

creationtimestamp| type| source ---|---|--- 2026-05-21 05:00:04+00:00| seen| https://t.me/GithubRedTeam/85149 2026-05-21 07:00:13+00:00| seen| Telegram/0oVkH4V3C9Cndp9LVxg4I8W2m2s-mbtiL-m94vGYIMA5C-Q 2026-05-21 09:00:04+00:00| seen| Telegram/vpOabQVvb76izlIWt2pzp7PU5zl-D7jeeGQcHuuxEyFlkWM...

MAL-2026-4472 Malicious code in @zhengshuo888/huoke (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6f352f11f7811b28966799c9359f99dbbe9829240066504be17c100981dd45ab On npm install, the package's postinstall hook runs node bin/huoke.js install-skill, which uses execSync to invoke curl -fsSL against...

MAL-2026-4573 Malicious code in git-userhub (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 859f77ac10aa89722823e0477f8f6986db2b54dd25b1b2aedb05ee31d5891071 Package name 'git-userhub' is a lookalike of a GitHub-related identity, with no legitimate publisher backing. The package.json declares a postinstall...

Malicious code in git-userhub (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 859f77ac10aa89722823e0477f8f6986db2b54dd25b1b2aedb05ee31d5891071 Package name 'git-userhub' is a lookalike of a GitHub-related identity, with no legitimate publisher backing. The package.json declares a postinstall...

GHSA-G2XH-C426-V8MF

creationtimestamp| type| source ---|---|--- 2026-05-21 00:45:42+00:00| seen| https://gist.github.com/FuzzysTodd/4e10f5b327d09a37dc02a2a08f442f94...

PT-2026-42815

Name of the Vulnerable Software and Affected Versions wasmtime-wasi affected versions not specified Description An access control mechanism bypass exists when a filesystem preopen is configured with DirPerms::all and FilePerms::READ without FilePerms::WRITE. This allows bypassing restrictions by...

CVE-2026-48113

creationtimestamp| type| source ---|---|--- 2026-05-20 23:29:51+00:00| published-proof-of-concept| https://github.com/jpillora/chisel/security/advisories/GHSA-24fp-5v3p-rvpw...

CVE-2026-46705

creationtimestamp| type| source ---|---|--- 2026-05-20 22:48:47+00:00| published-proof-of-concept| https://github.com/Eugeny/russh/security/advisories/GHSA-hpv4-5h6f-wqr3 2026-06-10 23:00:19+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnxsulhtsc2f...

GHSA-J989-FGGP-QGP5 vulnerabilities

Vulnerabilities for packages: python...

GHSA-C9J4-9M59-847W

creationtimestamp| type| source ---|---|--- 2026-05-20 19:07:38+00:00| seen| https://github.blog/security/investigating-unauthorized-access-to-githubs-internal-repositories/ 2026-05-21 10:45:20+00:00| seen| https://bsky.app/profile/tech-trending.bsky.social/post/3mmeahvo27p2m 2026-05-21...

GO-2026-4991 Daptin's Session Management Vulnerability Leads to Insufficient Session Expiration After Password Change in github.com/daptin/daptin

Daptin's Session Management Vulnerability Leads to Insufficient Session Expiration After Password Change in github.com/daptin/daptin...

GO-2026-4988 DevGuard has an unauthenticated identity assertion via `X-Admin-Token` header in github.com/l3montree-dev/devguard

DevGuard has an unauthenticated identity assertion via X-Admin-Token header in github.com/l3montree-dev/devguard...

GO-2026-4953 goshs is Missing Write Protection for Parametric Data Values in github.com/patrickhener/goshs

goshs is Missing Write Protection for Parametric Data Values in github.com/patrickhener/goshs...

GO-2026-5009 Kopia: RCE via SSH ProxyCommand Injection in github.com/kopia/kopia

Kopia: RCE via SSH ProxyCommand Injection in github.com/kopia/kopia...

Mini Shai Hulud: Compromised @antv npm packages enable CI/CD credential theft

In this article 1. Attack chain overview 1. Technical analysis 2. How GitHub took action to prevent further harm 2. Mitigation and protection guidance 1. Microsoft Defender XDR Detections 2. Microsoft Defender XDR Threat analytics 3. Advanced hunting 4. Indicators of Compromise IOC 3. References ...