Obsidian Plugin Abuse Delivers PHANTOMPULSE RAT in Targeted Finance, Crypto Attacks

A "novel" social engineering campaign has been observed abusing Obsidian, a cross-platform note-taking application, as an initial access vector to distribute a previously undocumented Windows remote access trojan called PHANTOMPULSE in attacks targeting individuals in the financial and...

Obsidian GitHub Copilot Plugin stores sensitive information in cleartext

Overview Obsidian GitHub Copilot Plugin provided by Pierre-Adrien Vasseur is vulnerable to the following vulnerability. Cleartext storage of sensitive information CWE-312 - CVE-2025-58401 Rui Nakajima reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...

Obsidian 安全漏洞

Obsidian is a knowledge base for native Markdown files from the Obsidian community. A security vulnerability exists in versions of Obsidian prior to 1.2.2 that stems from allowing unintended API calls via embedded web pages...

Obsidian 输入验证错误漏洞

Obsidian is a knowledge base for native Markdown files from the Obsidian community. A security vulnerability exists in Obsidian that stems from its open use without checking URLs leading to an attacker being able to cause remote execution of obsidian code via a specific URL. The following version...