Lucene search
K

75 matches found

OSSF Malicious Packages
OSSF Malicious Packages
β€’added 2 days agoβ€’6 views

Malicious code in yt-api-dlp (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c3b9ca286cef4b241ded9603c192ce5b13e155cad9b017ee3f89b98674065374 During import, this malicious copy of a legitimate package downloads an encrypted data disguise as an image. It contains an archive with a next-stage script th...

6AI score
Exploits0References4
OSV
OSV
β€’added 2 days agoβ€’4 views

MAL-2026-6754 Malicious code in yt-api-dlp (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c3b9ca286cef4b241ded9603c192ce5b13e155cad9b017ee3f89b98674065374 During import, this malicious copy of a legitimate package downloads an encrypted data disguise as an image. It contains an archive with a next-stage script th...

6AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
β€’added 2026/06/23 3:25 p.m.β€’8 views

Malicious code in analysis-chart (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a1ab4349bcc1e8f4434817d242b136f6e6050d4acb234aa833d81ffd74942066 The package's postinstall hook install-hook.js, invoked via package.json scripts.postinstall fetches an opaque binary 'payload.bin' from...

6AI score
Exploits0References22
OSV
OSV
β€’added 2026/06/23 3:25 p.m.β€’6 views

MAL-2026-6299 Malicious code in analysis-chart (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a1ab4349bcc1e8f4434817d242b136f6e6050d4acb234aa833d81ffd74942066 The package's postinstall hook install-hook.js, invoked via package.json scripts.postinstall fetches an opaque binary 'payload.bin' from...

6AI score
Exploits0References22
GithubExploit
GithubExploit
β€’added 2026/05/16 2:53 p.m.β€’79 views

Operation-Molasses

🍯 OPERATION MOLASSES PEKMEZ Zencefil Efendi's Cyber Dow...

6AI score
Exploits0
The Hacker News
The Hacker News
β€’added 2026/05/08 11:0 a.m.β€’16 views

Quasar Linux RAT Steals Developer Credentials for Software Supply Chain Compromise

A previously undocumented Linux implant codenamed Quasar Linux RAT QLNX is targeting developers' systems to establish a silent foothold as well as facilitate a broad range of post-compromise functionality, such as credential harvesting, keylogging, file manipulation, clipboard monitoring, and...

6.1AI score
Exploits0
Talos Blog
Talos Blog
β€’added 2026/05/05 10:0 a.m.β€’20 views

CloudZ RAT potentially steals OTP messages using Pheno plugin

Cisco Talos discovered an intrusion, active since at least January 2026, where an unknown attacker implanted a CloudZ remote access tool RAT and a previously undocumented plugin called "Pheno." According to the functionalities of the CloudZ RAT and Pheno plugin, this was with the intention of...

6.1AI score
Exploits0
The Hacker News
The Hacker News
β€’added 2026/04/16 5:52 p.m.β€’10 views

Newly Discovered PowMix Botnet Hits Czech Workers Using Randomized C2 Traffic

Cybersecurity researchers have warned of an active malicious campaign that's targeting the workforce in the Czech Republic with a previously undocumented botnet dubbed PowMix since at least December 2025. "PowMix employs randomized command-and-control C2 beaconing intervals, rather than persisten...

6.5AI score
Exploits0
Trellix
Trellix
β€’added 2026/03/11 12:0 a.m.β€’5 views

Fileless Multi-Stage Remcos RAT: From Phishing to Memory-Resident Execution

Fileless Multi-Stage Remcos RAT: From Phishing to Memory-Resident Execution By Madhini Muralidharan Β· March 11, 2026 Traditional malware campaigns rely heavily on dropping executable files to diskβ€”artifacts that defenders can scan, quarantine, and analyze with signature-based security tools. Mode...

6.3AI score
Exploits0
The Hacker News
The Hacker News
β€’added 2026/03/06 2:33 p.m.β€’15 views

Multi-Stage VOID#GEIST Malware Delivering XWorm, AsyncRAT, and Xeno RAT

Cybersecurity researchers have disclosed details of a multi-stage malware campaign that uses batch scripts as a pathway to deliver various encrypted remote access trojan RATs payloads that correspond to XWorm, AsyncRAT, and Xeno RAT. The stealthy attack chain has been codenamed VOIDGEIST by...

6.1AI score
Exploits0
Metasploit
Metasploit
β€’added 2026/03/03 6:58 p.m.β€’206 views

Linux RC4 Packer with In-Memory Execution (x86)

This evasion module packs Linux payloads using RC4 encryption and executes them from memory using memfdcreate for fileless execution. The evasion module works on systems with Linux Kernel 3.17+ due to memfdcreate support. Features: - RC4 encryption with configurable key size - Fileless execution...

5.9AI score
Exploits0
GithubExploit
GithubExploit
β€’added 2026/02/24 4:13 p.m.β€’172 views

Exploit for CVE-2025-30401

πŸ‘» GhostPort: WhatsApp Web Stager PoC πŸ“Œ Project Overview GhostP...

6.7CVSS6AI score0.15844EPSS
Exploits1
Packet Storm
Packet Storm
β€’added 2026/01/21 12:0 a.m.β€’143 views

πŸ“„ Metasploit Web Delivery PHP Proof of Concept

This project presents an advanced proof of concept that emulates the behavior of Metasploit's multi/script/webdelivery module using PHP. The goal is to demonstrate how script-based payload delivery works in a modular and extensible way, without relying directly on Metasploit. The script launches ...

6.4AI score
Exploits0
Packet Storm News
Packet Storm News
β€’added 2026/01/21 12:0 a.m.β€’3 views

Malicious PixelCode Delivery Technique

Malicious PixelCode is a security research project that demonstrates a covert technique for encoding executable files into pixel data and storing them inside images or videos. A lightweight loader retrieves the media file, reconstructs the original binary, and executes it in memory. This project...

5.4AI score
Exploits0
RedhatCVE
RedhatCVE
β€’added 2026/01/09 9:58 a.m.β€’6 views

CVE-2020-7456

In FreeBSD 12.1-STABLE before r361918, 12.1-RELEASE before p6, 11.4-STABLE before r361919, 11.3-RELEASE before p10, and 11.4-RC2 before p1, an invalid memory location may be used for HID items if the push/pop level is not restored within the processing of that HID item allowing an attacker with...

7.2CVSS6.8AI score0.0056EPSS
Exploits0References1
GithubExploit
GithubExploit
β€’added 2025/10/21 10:27 a.m.β€’176 views

Exploit for Out-of-bounds Write in Mediatek Software_Development_Kit

What is Registry Exploit? Phantom-Registry-Exploit-Cve2025-20...

9.8CVSS7.7AI score0.00459EPSS
Exploits1
RedhatCVE
RedhatCVE
β€’added 2025/10/10 1:31 a.m.β€’5 views

CVE-2017-20201

CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 32-bit builds contained a malicious pre-entry-point loader that diverts execution from scrtcommonmainseh into a custom loader. That loader decodes an embedded blob into shellcode, allocates executable heap memory, resolves Windows API functions at...

9.3CVSS7AI score0.00494EPSS
Exploits0References1
EUVD
EUVD
β€’added 2025/10/08 10:4 p.m.β€’4 views

EUVD-2025-33278

CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 32-bit builds contained a malicious pre-entry-point loader that diverts execution from scrtcommonmainseh into a custom loader. That loader decodes an embedded blob into shellcode, allocates executable heap memory, resolves Windows API functions at...

9.3CVSS6.5AI score0.00494EPSS
Exploits0References12
Cvelist
Cvelist
β€’added 2025/10/08 10:4 p.m.β€’10 views

CVE-2017-20201 CCleaner v5.33.6162 & CCleaner Cloud v1.07.3191 Malicious Backdoor Supply Chain Compromise

CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 32-bit builds contained a malicious pre-entry-point loader that diverts execution from scrtcommonmainseh into a custom loader. That loader decodes an embedded blob into shellcode, allocates executable heap memory, resolves Windows API functions at...

9.3CVSS0.00494EPSS
Exploits0References8
Positive Technologies
Positive Technologies
β€’added 2025/10/08 12:0 a.m.β€’5 views

PT-2025-41312

Name of the Vulnerable Software and Affected Versions CCleaner versions 5.33.6162 CCleaner Cloud versions 1.07.3191 Description CCleaner and CCleaner Cloud contained a malicious pre-entry-point loader that redirects execution to a custom loader. This loader decodes an embedded blob into shellcode...

9.3CVSS6.9AI score0.00494EPSS
Exploits0References10
Rows per page
Query Builder