MAL-2026-5096 Malicious code in cscc-glass-house (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 20f53888d08d0aa70146b50e8dc761373490363f9081ea0adb9fb93cfd2b6240 Package implements exfiltrating credentials from cloud environments to a hardcoded location. Some code parts suggest it may be part of a CTF. --- Category:...

MAL-2026-4954 Malicious code in @cloudplatform-single-spa/observability (npm)

Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...

MAL-2026-4941 Malicious code in @cloudplatform-single-spa/ml-finetuning (npm)

Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...

MAL-2026-4575 Malicious code in happy-dlscord.js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2d183bf51c0f2be0102a7a7aeeda661f895e3b075f183d76d5f0f77c09c70860 The package name 'happy-dlscord.js' is a one-character edit of the top-tier npm package 'discord.js' and ships a near-verbatim fork of the upstream...

MAL-2026-4390 Malicious code in @flowselections/core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b28cf238827c035b4f3103aff9bf803421b7d16d1c7877d7e74c5fcd71f3283b The package exports a supabase client and LoginPage component wired to a hardcoded Supabase URL https://vmicscahrnzpmhagztmx.supabase.co and anon key...

MAL-2026-4758 Malicious code in nebulix-ai (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 93ea83117b0ae362a2b55ad581d69b3600c81b78d2e90c19bb1ea9eea2266a4c The package's documented NebulixEngine.chat API hardcodes two Firebase Realtime Database URLs owned by the author...

MAL-2026-3743 Malicious code in sol-batch-transfer-sdk (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 dab4fb850a1ce0b83f1e7f74ce0281ca8309031037355f9a247dbd0a715eab4d The code silently adds a hardcoded address to the list of transfer recipients. --- Category: MALICIOUS - The campaign has clearly malicious intent, like...

MAL-2026-3703 Malicious code in crypto-hash-utils (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 9807f28fe2b1260f19dfda8b33a6091967c5e18c41dc86365f06b6ad3ceb4eab During installation, package exfiltrates some basic info to a GitHub issue comment, and then attempt to set up a persistent infostealer focused on exfiltrating...

MAL-2026-3699 Malicious code in aiohttp-util (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b5a826a64a0405306b51cd85239237982278e758bc8109e7da521e15f003ca6e During installation, package exfiltrates some basic info to a GitHub issue comment, and then attempt to set up a persistent infostealer focused on exfiltrating...

MAL-2026-3672 Malicious code in 1mi (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a68ec5fa97918431510ba9ef57d3d601738891094478b5ebf996a3eafa0cb960 This package masquerades as a Cloudflare Worker Telegraf middleware README: 'cfworker-middware-telegraf' but its main module unconditionally forwards...

MAL-2026-3392 Malicious code in wallet-scanner-pro (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3c24dfc47c3ee1d37f4d7ec65a43d1f861422d7fb3ee6f8e8b6e6a85fe2b5120 The code automatically scans the filesystem looking for BIP-39 seed phrases and data indicating private keys, and exfiltrates them --- Category: MALICIOUS - Th...

MAL-2026-3388 Malicious code in crypto-bot-utils (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3ece4ae851dba85751377f47097bd30525eafdcbf8cd08b57d2a06aa3a02b367 The code automatically scans the filesystem looking for BIP-39 seed phrases and data indicating private keys, and exfiltrates them --- Category: MALICIOUS - Th...

MAL-2026-3385 Malicious code in web3-helper (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 8b4b0ec18a585bcc92bfeea9cf5e3febdd7d540f38f78cb1acc62ce33784a492 The code automatically scans the filesystem looking for BIP-39 seed phrases and data indicating private keys, and exfiltrates them --- Category: MALICIOUS - Th...

Astra Linux - уязвимость в thunderbird

When loading the shared library that provides the OTR protocol implementation, Thunderbird initially attempts to open it using a filename that is not distributed by Thunderbird. If a computer has already been infected with a malicious library from the alternative filename, and the malicious libra...

UBUNTU-CVE-2026-35233

An unprivileged attacker can craft a user-space process with a malicious ELF binary containing an out-of-range shlink field. When root-level dtrace attaches to -- or instruments -- that process via dtrace -p , pid probes, or USDT, the ELF parser reads heap memory beyond the allocated section cach...

Malicious Package

Overview chai-as-mobj is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

MAL-2026-2695 Malicious code in cpu-optimizers2-33 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 eb2ab5bcc8a1a35fbd4e5d9b19ac517134ea3fd497e66d7d7126089743804a1c Clones of legitimate libraries with malicious modifications intended to download malicious remote code. The remote script allows executing arbitrary files...

CVE-2026-5397

It has been identified that a vulnerability CWE-427 exists in the UPS Uninterruptible Power Supply management application, whereby improper permissions on the installation directory allow a malicious actor to place a DLL that is then executed with administrator privileges. If a malicious DLL is...

Malicious code in hiveos-settings (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 cc412fc6f4c4059bbea28f3aa4ff430b5cc0405b6117995d8b401be1ed514932 Clones of legitimate libraries with malicious modifications intended to download malicious remote code. The remote script allows executing arbitrary files...

CVE-2025-59710

An issue was discovered in Biztalk360 before 11.5. Because of incorrect access control, any user is able to request the loading a DLL file. During the loading, a method is called. An attacker can craft a malicious DLL, upload it to the server, and use it to achieve remote code execution on the...