Malicious code in @saif777/codemirror5 (npm)

Dependency confusion and typosquatting campaign by threat actor "saif777". Packages use inflated version numbers 9999.9999.9999, 9999.9999.10000, 50.50.50, 7.66.5 to win version resolution in environments with private registries. All active packages execute a postinstall hook "node index.js" that...

Malicious code in secrets-manager-wrapper (npm)

Dependency confusion and typosquatting campaign by threat actor "saif777". Packages use inflated version numbers 9999.9999.9999, 9999.9999.10000, 50.50.50, 7.66.5 to win version resolution in environments with private registries. All active packages execute a postinstall hook "node index.js" that...

MAL-2026-3195 Malicious code in secrets-manager-wrapper (npm)

Dependency confusion and typosquatting campaign by threat actor "saif777". Packages use inflated version numbers 9999.9999.9999, 9999.9999.10000, 50.50.50, 7.66.5 to win version resolution in environments with private registries. All active packages execute a postinstall hook "node index.js" that...

MAL-2026-3189 Malicious code in react-video-canvas (npm)

Dependency confusion and typosquatting campaign by threat actor "saif777". Packages use inflated version numbers 9999.9999.9999, 9999.9999.10000, 50.50.50, 7.66.5 to win version resolution in environments with private registries. All active packages execute a postinstall hook "node index.js" that...

SourceCodester Pharmacy Sales and Inventory System 注入漏洞

SourceCodester Pharmacy Sales and Inventory System is an open-source medication sales and inventory management system developed by SourceCodester. Version 1.0 of the SourceCodester Pharmacy Sales and Inventory System has a SQL injection vulnerability. This vulnerability arises from improper...

angr 9.2.213

angr is an open-source binary analysis platform for Python. It combines both static and dynamic symbolic "concolic" analysis, providing tools to solve a variety of tasks...

xhs-mcp 代码问题漏洞

xhs-mcp is an open-source tool developed by Algovate for automated publication and content management of REDnote. Version xhs-mcp 0.8.11 contains a code vulnerability. This vulnerability arises from the mediapaths parameter operation in the xhspublishcontent function within the...

MAL-2026-3140 Malicious code in fivem-monitor (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 46a604a0acf84f672e7a3235e103f365f9d9f704c96faa12dcb5b9b0a9806004 The package fivem-monitor was found to contain malicious code. Source: ghsa-malware bea91e9a2c853e88f029684fb53cecc15f1960b1ccafb583b1da52a754f9ee4d...

[SECURITY] Fedora 42 Update: firefox-150.0-1.fc42

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability...

Threat-Oriented Digital Twinning for Security Evaluation of Autonomous Platforms

Open, unclassified research on secure autonomy is constrained by limited access to operational platforms, contested communications infrastructure, and representative adversarial test conditions. This paper presents a threat-oriented digital twinning methodology for cybersecurity evaluation of...

OpenClaw 访问控制错误漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.31 contained a access control vulnerability. This vulnerability stemmed from a bypass of the allowlist in the Matrix thread root and in the handling of reply contexts, resulting...

PT-2026-35817

Name of the Vulnerable Software and Affected Versions django-s3file versions prior to 7.0.2 Description S3FileMiddleware is susceptible to relative path traversal, allowing an attacker to use a modified request to escape pre-signed upload locations. This enables the Django application to load fil...

Security Bulletin: Langflow OSS Authenticated Remote Code Execution (RCE) vulnerability exists in the validate_code function

Summary Langflow OSS contains a critical vulnerability in code validate endpoint due to unsafe use of Python's exec function within the validatecode routine. While the feature is intended to validate user-supplied function definitions, it fails to account for Python decorators, which are executed...

Malicious code in @apiary-annex/title (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a21d55a19694bb77a748bff53e74597f9c1ed88df95f421975af40efe38a4183 The package @apiary-annex/title was found to contain malicious code. Source: ghsa-malware...

MAL-2026-3110 Malicious code in @apiary-annex/title (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a21d55a19694bb77a748bff53e74597f9c1ed88df95f421975af40efe38a4183 The package @apiary-annex/title was found to contain malicious code. Source: ghsa-malware...

Researchers Uncover 73 Fake VS Code Extensions Delivering GlassWorm v2 Malware

Cybersecurity researchers have flagged dozens of Microsoft Visual Studio Code VS Code extensions on the Open VSX repository that are linked to a persistent information-stealing campaign dubbed GlassWorm. The cluster of 73 extensions has been identified as cloned versions of their legitimate...

CVE-2026-40448

Potential Integer overflow in tensor allocation size calculation could lead to insufficient memory allocation for large tensors in Samsung Open Source ONE. Affected version is prior to commit 1.30.0...

CVE-2026-41665

Integer overflow in scratch buffer initialization size calculation in Samsung Open Source ONE cause incorrect memory initialization for large intermediate tensors. Affected version is prior to commit 1.30.0...

CVE-2026-41666

Integer overflow in tensor copy size calculation in Samsung Open Source ONE could lead to out of bounds access during loop state propagation. Affected version is prior to commit 1.30.0...

CVE-2026-40450

Integer overflow in output tensor copy size calculation in Samsung Open Source ONE could cause incorrect copy length and memory corruption for oversized tensors. Affected version is prior to commit 1.30.0...