CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Snyk•added 2026/05/17 9:0 p.m.•7 views

Malicious Package

Overview axois-utils is a malicious package. This package contains malicious code that includes infostealer malware, one of which is a Shai-Hulud clone following the TeamPCP open source release, and one DDoS botnet package. While this package might be attempting to impersonate a valid organizatio...

Snyk•added 2026/05/17 9:0 p.m.•7 views

Malicious Package

Overview @deadcode09284814/axios-util is a malicious package. This package contains malicious code that includes infostealer malware, one of which is a Shai-Hulud clone following the TeamPCP open source release, and one DDoS botnet package. While this package might be attempting to impersonate a...

Snyk•added 2026/05/17 9:0 p.m.•10 views

Malicious Package

Overview chalk-tempalte is a malicious package. This package contains malicious code that includes infostealer malware, one of which is a Shai-Hulud clone following the TeamPCP open source release, and one DDoS botnet package. While this package might be attempting to impersonate a valid...

Snyk•added 2026/05/17 9:0 p.m.•8 views

Malicious Package

Overview color-style-utils is a malicious package. This package contains malicious code that includes infostealer malware, one of which is a Shai-Hulud clone following the TeamPCP open source release, and one DDoS botnet package. While this package might be attempting to impersonate a valid...

Snyk•added 2026/05/14 9:0 p.m.•7 views

Embedded Malicious Code

Overview node-ipc is an A nodejs module for local and remote Inter Process Communication IPC, Neural Networking, and able to facilitate machine learning. Affected versions of this package are vulnerable to Embedded Malicious Code that conceals an advanced credential-stealing infostealer. A...

9.8CVSS6AI score

Malwarebytes•added 2026/04/30 3:48 p.m.•5 views

Hackers stole hundreds of thousands of Roblox accounts: Here’s what to do

More than 610,000 Roblox accounts were reportedly stolen. Was yours or your child's among them? Ukrainian police arrested three individuals in Lviv who allegedly orchestrated one of the largest Roblox account theft operations to date. Between October 2025 and January 2026, the hacking group is sa...

5.6AI score

The Hacker News•added 2026/04/06 11:45 a.m.•5 views

How LiteLLM Turned Developer Machines Into Credential Vaults for Attackers

The most active piece of enterprise infrastructure in the company is the developer workstation. That laptop is where credentials are created, tested, cached, copied, and reused across services, bots, build tools, and now local AI agents. In March 2026, the TeamPCP threat actor proved just how...

6.3AI score

The Hacker News•added 2026/03/23 8:31 a.m.•8 views

Trivy Hack Spreads Infostealer via Docker, Triggers Worm and Kubernetes Wiper

Cybersecurity researchers have uncovered malicious artifacts distributed via Docker Hub following the Trivy supply chain attack, highlighting the widening blast radius across developer environments. The last known clean release of Trivy on Docker Hub is 0.69.3. The malicious versions 0.69.4,...

9.4CVSS6.2AI score0.60368EPSS

Exploits2

OSSF Malicious Packages•added 2026/02/08 9:21 p.m.•6 views

Malicious code in hardixx-code (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c0eeb07f1a0f9149c6e22016d85bcc59e5d0bbbac9514fbef9a2ba0289bf75fe Version 1.0.2 introduced loading obfuscated code during importing the module. However, distributions uploaded to PyPI lack the necessary file storing the code...

5.5AI score

Exploits0References1

Talos Blog•added 2026/01/15 7:0 p.m.•6 views

Predicting 2026

Welcome to this week's edition of the Threat Source newsletter. It's become traditional at this time of year to make predictions about cybersecurity for the coming year. Obviously, no one has a crystal ball to predict the future, and if they did, they would be quietly making a fortune rather than...

7.3AI score

HackRead•added 2025/07/08 12:3 p.m.•8 views

Infostealers-as-a-Service Push Identity Hacks to Record Highs

Identity-based cyberattacks soar 156%, driven by cheap Phishing-as-a-Service & infostealer malware. Learn how criminals bypass MFA to steal credentials, access bank accounts, and compromise business emails...

7.3AI score

Trend Micro Simply Security•added 2025/06/11 12:0 a.m.•4 views

Operation Secure: Trend Micro's Threat Intelligence Fuels INTERPOL's Infostealer Infrastructure Takedown

In this blog, we discuss how Trend Micro played a pivotal role in Operation Secure, a multi-national law enforcement effort that dismantled the infrastructure behind widespread infostealer malware campaigns across Asia and the Pacific...

7.2AI score

Trellix•added 2025/06/05 12:0 a.m.•22 views

Demystifying Myth Stealer: A Rust Based InfoStealer

Demystifying Myth Stealer: A Rust Based InfoStealer By Niranjan Hegde, Vasantha Lakshmanan Ambasankar and Adarsh S · June 5, 2025 Introduction During regular proactive threat hunting, the Trellix Advanced Research Center identified a fully undetected infostealer malware sample written in Rust. Up...

7.5AI score

Microsoft Secure•added 2025/05/21 4:0 p.m.•22 views

Lumma Stealer: Breaking down the delivery techniques and capabilities of a prolific infostealer

Over the past year, Microsoft observed the persistent growth and operational sophistication of Lumma Stealer, an infostealer malware used by multiple financially motivated threat actors to target various industries. Our investigation into Lumma Stealer’s distribution infrastructure reveals a...

7.9AI score

HackRead•added 2025/04/08 12:51 p.m.•16 views

HellCat Ransomware Hits 4 Firms using Infostealer-Stolen Jira Credentials

HellCat ransomware hits 4 companies by exploiting Jira credentials stolen through infostealer malware, continuing their global attack spree...

7.4AI score