EUVD-2025-98818

Malicious code in fitri-miebogor65-riris npm...

EUVD-2025-74273

Malicious code in secondarychickadeeamaranth-93 npm...

EUVD-2025-63293

Malicious code in linearocelotz3n npm...

MAL-2025-24793 Malicious code in kstars (npm)

The package kstars was found to contain malicious code...

Malicious code in garretts (npm)

The package garretts was found to contain malicious code...

MAL-2025-10169 Malicious code in @zalastax/nolb-_kup (npm)

The package @zalastax/nolb-kup was found to contain malicious code...

MAL-2025-26480 Malicious code in misere (npm)

The package misere was found to contain malicious code...

Malicious code in elecsim (npm)

The package elecsim was found to contain malicious code...

Malicious code in xigua-lion-2hrd (npm)

The package xigua-lion-2hrd was found to contain malicious code...

Hidden Malware Discovered in jQuery Migrate: A Stealthy Supply Chain Threat

Hidden Malware Discovered in jQuery Migrate: A Stealthy Supply Chain Threat By Trellix · June 18, 2025 This blog was also written by Trishaan Kalra Introduction What happens when a trusted open source library becomes a conduit for stealthy malware delivery? That question became reality when the...

Researchers Uncover Malware in Fake Discord PyPI Package Downloaded 11,500+ Times

Cybersecurity researchers have discovered a malicious package on the Python Package Index PyPI repository that masquerades as a seemingly harmless Discord-related utility but incorporates a remote access trojan. The package in question is discordpydebug, which was uploaded to PyPI on March 21,...

MAL-2022-6359 Malicious code in support-center-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a9b673278e41147360b4b0bd132d9d89f3a3258cabc1a4ab76a30572717d0d70 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Email-Worm.Win32.Sidex Remote Command Execution

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/a98cdaa89da57bf269873db63e22a939.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Email-Worm.Win32.Sidex Vulnerability: Unauthenticated Remote Command Execution Description: The...

Backdoor.Win32.Delf.aez Code Execution

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/be4a6274679ca966a1d99140db54c25a.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Delf.aez Vulnerability: Unauthenticated Remote Command Execution Description: The...

Super cannon Great Cannon）defect inquiry of JS bloomer-vulnerability warning-the black bar safety net

Following the last post in the black bar to secure the article on the super cannon Great Cannon）defect inquiry of TTL article, we reference from abroad, a research organization for the event post-mortem analysis, as well as by being an attack site log and capture the code on a bloomer, locking Th...

Malware Discovery Forces National Vulnerability Database Offline

The website of the National Vulnerability Database NVD remains down today, six days after malware was reportedly found on its servers. Since March 8, users trying to reach NVD’s site have been redirected to a “Site/Page Not Available” announcement, coupled with a note that the site has “experienc...