Malicious code in clobprice.api (npm)
A campaign of npm packages sharing a common dropper (clob.js) that downloads and persistently installs a Windows executable from IPFS on postinstall. The dropper fetches the binary from IPFS CID bafybeif3zkapj364ofnrvbty7oj5h5ufpxlp4s62usk3ulxrru35e3gssa via multiple public gateways Pinata,...
MAL-2026-4350 Malicious code in clobprice.api (npm)
A campaign of npm packages sharing a common dropper (clob.js) that downloads and persistently installs a Windows executable from IPFS on postinstall. The dropper fetches the binary from IPFS CID bafybeif3zkapj364ofnrvbty7oj5h5ufpxlp4s62usk3ulxrru35e3gssa via multiple public gateways Pinata,...
Malicious code in @devcarron/clob (npm)
A campaign of npm packages sharing a common dropper (clob.js) that downloads and persistently installs a Windows executable from IPFS on postinstall. The dropper fetches the binary from IPFS CID bafybeif3zkapj364ofnrvbty7oj5h5ufpxlp4s62usk3ulxrru35e3gssa via multiple public gateways Pinata,...
MAL-2026-4347 Malicious code in @devcarron/clob (npm)
A campaign of npm packages sharing a common dropper (clob.js) that downloads and persistently installs a Windows executable from IPFS on postinstall. The dropper fetches the binary from IPFS CID bafybeif3zkapj364ofnrvbty7oj5h5ufpxlp4s62usk3ulxrru35e3gssa via multiple public gateways Pinata,...
DEAD#VAX Malware Campaign Deploys AsyncRAT via IPFS-Hosted VHD Phishing Files
Threat hunters have disclosed details of a new, stealthy malware campaign dubbed DEAD#VAX that employs a mix of "disciplined tradecraft and clever abuse of legitimate system features" to bypass traditional detection mechanisms and deploy a remote access trojan (RAT) known as AsyncRAT. "The attack...
CVE-2025-47908 vulnerabilities
Vulnerabilities for packages: cortex, grafana-mimir, datadog-agent, fulcio, rekor, timestamp-authority, prometheus-alertmanager...
curl: Unsanitized IPFS CID Allows SSRF Against Configured Gateway
Summary: ipfs_url_rewrite in src/tool_ipfs.c decodes the host component (CID) of ipfs:// / ipns:// URLs using CURLU_URLDECODE and then concatenates that decoded value directly into the gateway path (aprintf("%s%s/%s%s", ...)) without normalization or validation. A crafted host value for example...
Malicious code in @bonk-sdk/ipfs (npm)
The package @bonk-sdk/ipfs was found to contain malicious code.
Network-Level Censorship Attacks in the InterPlanetary File System
The InterPlanetary File System (IPFS) has been successfully established as the de facto standard for decentralized data storage in the emerging Web3. Despite its decentralized nature, IPFS nodes, as well as IPFS content providers, have converged to centralization in large public clouds...
Malicious code in @metadata-ipfs/validate-hash (npm)
Hello, Won't You Tell Me Your Name?: Investigating Anonymity Abuse in IPFS
The InterPlanetary File System (IPFS) offers a decentralized approach to file storage and sharing, promising resilience and efficiency while also realizing the Web3 paradigm. Simultaneously, the offered anonymity raises significant questions about potential misuse. In this study, we explore methods...
Active Sybil Attack and Efficient Defense Strategy in IPFS DHT
The InterPlanetary File System (IPFS) is a decentralized peer-to-peer (P2P) storage that relies on Kademlia, a Distributed Hash Table (DHT) structure commonly used in P2P systems for its proved scalability. However, DHTs are known to be vulnerable to Sybil attacks, in which a single entity controls...
GO-2024-3218 Content Censorship in the InterPlanetary File System (IPFS) via Kademlia DHT abuse in github.com/libp2p/go-libp2p-kad-dht
Content Censorship in the InterPlanetary File System (IPFS) via Kademlia DHT abuse in github.com/libp2p/go-libp2p-kad-dht...
IPFS Boxo security vulnerability
IPFS Boxo is a library for building IPFS applications and implementations from IPFS, Inc. A security vulnerability exists in Boxo version 0.4.0, 0.5.0. An attacker exploiting this vulnerability is able to allocate arbitrarily many bytes in a Bitswap server...
Brave security vulnerability
Brave is a fast, private and secure web browser from Brave USA. A security vulnerability exists in Brave Browser versions prior to 1.42.51, which originated from a vulnerability that could allow a remote attacker to cause a denial of service via a crafted HTML file that references an IPFS scheme...
Brave security vulnerability
Brave is a fast, private and secure web browser from Brave USA. A security vulnerability exists in Brave Browser versions prior to 1.43.88 that could allow a remote attacker to cause a denial of service in private and guest windows via a crafted HTML file containing an ipfs:// or ipns:// URL...
PT-2022-28093 · Brave · Brave Browser
Name of the Vulnerable Software and Affected Versions: Brave Browser versions prior to 1.42.51 Description: The issue allows a remote attacker to cause a denial of service via a crafted HTML file that references the IPFS scheme. This is caused by an uncaught exception in the function...
Attackers leveraging Dark Utilities "C2aaS" platform in malware campaigns
By Edmund Brumaghin, Azim Khodjibaev and Matt Thaxton, with contributions from Arnaud Zobec. Executive Summary Dark Utilities, released in early 2022, is a platform that provides full-featured C2 capabilities to adversaries. It is marketed as a means to enable remote access, command execution,...
CVE-2020-10937
An issue was discovered in IPFS (aka go-ipfs) 0.4.23. An attacker can generate ephemeral identities (Sybils) and leverage the IPFS connection management reputation system to poison other nodes' routing tables, eclipsing the nodes that are the target of the attack from the rest of the network. Later...