Weedhack Attacks Minecraft Users, CountLoader Hits 86K, Miners Spread via Pirated Content

Cybersecurity researchers have flagged a new campaign targeting Minecraft players via YouTube to spread malware capable of gaining control of victims' systems. The Minecraft-focused malware-as-a-service MaaS campaign has been codenamed Weedhack by McAfee Labs, stating the activity has been active...

EUVD-2026-33983

NamelessMC is website software for Minecraft servers. In version 2.2.4, core/classes/Misc/ProfilePostReactionContext.php only verifies that the wall post exists and does not enforce blocked/private-profile visibility. This means that authenticated low-privileged users can add reactions to private...

EUVD-2026-33976

NamelessMC is website software for Minecraft servers. In version 2.2.4,core/classes/Misc/ProfilePostReactionContext.php only verifies that the wall post exists and does not enforce blocked/private-profile visibility. modules/Core/queries/reactions.php allows unauthenticated GET requests for...

EUVD-2026-33960

NamelessMC is website software for Minecraft servers. In versions 2.2.4 and prior, the OAuth callback handling does not validate the state parameter server-side before exchanging the authorization code. This allows an attacker to capture a valid OAuth callback URL for their own account and cause ...

PT-2026-45856

Name of the Vulnerable Software and Affected Versions CloudburstMC Protocol versions prior to 3.0.0.Beta12-20260420.182526-15 Description CloudburstMC Protocol, a protocol library for Minecraft Bedrock Edition, contains a flaw where validation for FULL type authentication tokens is partially...

MC-271325-DoS-PoC

Log amplification based denial for service for vanilla Minecra...

MC-271325-PoC

Status trailing-byte log amplification MC-271325 Unauthenti...

Rcon-Bruteforce

RCON Scanner & Exploitation Toolkit ⚠️ EDUCATIONAL PURPOSE...

CVE-2026-42188

Geyser is a bridge between Minecraft: Bedrock Edition and Minecraft: Java Edition. Prior to 2.9.3, a server-side request forgery SSRF vulnerability exists in Geyser’s handling of Bedrock player head texture data. By supplying a crafted Base64-encoded skin texture URL via the /give command, an...

CVE-2026-42188

Geyser is a bridge between Minecraft: Bedrock Edition and Minecraft: Java Edition. Prior to 2.9.3, a server-side request forgery SSRF vulnerability exists in Geyser’s handling of Bedrock player head texture data. By supplying a crafted Base64-encoded skin texture URL via the /give command, an...

Geyser 代码问题漏洞

Geyser is a cross-platform game version bridging proxy tool developed by GeyserMC. Versions of Geyser prior to 2.9.3 contained code vulnerabilities. These vulnerabilities stemmed from server-side request forgeing when processing texture data for players’ heads in Minecraft. This allowed attackers...

Brazilian LofyGang Resurfaces After Three Years With Minecraft LofyStealer Campaign

A cybercrime group of Brazilian origin has resurfaced after more than three years to orchestrate a campaign that targets Minecraft players with a new stealer called LofyStealer aka GrabBot. "The malware disguises itself as a Minecraft hack called 'Slinky,'" Brazil-based cybersecurity company Zeno...

Malicious code in minecraft_image_to_blocks (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b2964fa21dbcfc8cb5ea71c00e80f65d7fd7ed1e9989d6be254456e6ef9b08e3 The package minecraftimagetoblocks was found to contain malicious code...

EUVD-2026-21694

A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.1. The impacted element is the function evaluateCode of the file metagpt/environment/minecraft/mineflayer/index.js of the component Mineflayer HTTP API. Executing a manipulation can lead to cross-site request forgery. The attack...

bareiron 安全漏洞

Bareiron is a Minecraft game server developed by the P2R3 individual developer. Bareiron has a security vulnerability, which stems from the existence of arbitrary memory write conditions, potentially allowing unverified attackers to execute arbitrary code...

bareiron 安全漏洞

Bareiron is a Minecraft game server developed by the P2R3 individual developer. Bareiron has a security vulnerability, which stems from excessive memory access. This vulnerability could allow unverified attackers to access sensitive information or cause denial-of-service attacks...

PoC-AntiAutoclicker

PoC-AntiAutoclicker Th...

bareiron 安全漏洞

Bareiron is a Minecraft game server developed by the P2R3 individual developer. Bareiron has a security vulnerability that stems from excessive reading of memory contents. This vulnerability could allow unverified remote attackers to cause information leakage by sending data packets...

bareiron 安全漏洞

Bareiron is a Minecraft game server developed by the P2R3 individual developer. Bareiron has a security vulnerability, which stems from a buffer overflow. This vulnerability could allow unverified remote attackers to trigger a denial-of-service attack by sending data packets...

Malicious code in eslint-config-minecraft-scripting (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 965724c03399dbf45fac622dbfa8cb38e94e6cf7e3c137390da6e2818b9f073b The package eslint-config-minecraft-scripting was found to contain malicious code. Source: ghsa-malware...