MAL-2024-8051 Malicious code in artifact-lab-3-package-3eef6c2c (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 2325acb67ca59e847fd003a5449350d2b0b12620ed80cb82cc6189f091bdacc7 Packages showing simple variants of revshell with targets to ngrok. Most probably experiments. Later versions moved to use Burp Collaborator to exfiltrate simp...
MAL-2024-10473 Malicious code in artifact-lab-3-package-02f73e0e (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 ce38f402ec2ebebcc95e82007ff5807caab91173d1823fe9aa89db982083701e Packages showing simple variants of revshell with targets to ngrok. Most probably experiments. Later versions moved to use Burp Collaborator to exfiltrate simp...
MAL-2024-8023 Malicious code in artifact-lab-3-package-b6920ef4 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 0239eb42a339ea04c20285cf4f4fd719e841f19d6e59a2cbb78f6e982fcea446 Packages showing simple variants of revshell with targets to ngrok. Most probably experiments. Later versions moved to use Burp Collaborator to exfiltrate simp...
MAL-2024-8026 Malicious code in artifact-lab-3-package-9fde789f (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 f494a5211d4ea10a131bb54919b6d5e1bf765cea0c3cc018c054e7e304f5856f Packages showing simple variants of revshell with targets to ngrok. Most probably experiments. Later versions moved to use Burp Collaborator to exfiltrate simp...
MAL-2024-8011 Malicious code in postman-open-technologies-knowledge-base-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis a0f1159812781f3847a9da7e6b4455cd3f3ee8bd00da0eddbe589dd52d1d56e8 The OpenSSF Package Analysis project identified 'postman-open-technologies-knowledge-base-api' @ 1.2.3 npm as malicious. It is considered...
MAL-2024-7899 Malicious code in @taxify/smartpickups (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 9d20e7ecf4639b1082be1a46fec756d84cc7d8fc35310af0e6af87e19879fcf7 The OpenSSF Package Analysis project identified '@taxify/smartpickups' @ 9.999.0 npm as malicious. It is considered malicious because: - The...
MAL-2024-7895 Malicious code in lit-3 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 58fa9943fe7f3a2ad80c2d7ec817ab05718838e0aef345b7d44416f0f525cdc2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-7896 Malicious code in nvmfix (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 147e71ec4a806f079f678e7df61fa161680442319b62f425a34e7e8bd87b1e85 The OpenSSF Package Analysis project identified 'nvmfix' @ 1.0.3 npm as malicious. It is considered malicious because: - The package communicate...
Education in Secure Software Development
The Linux Foundation and OpenSSF released a report on the state of education in secure software development. …many developers lack the essential knowledge and skills to effectively implement secure software development. Survey findings outlined in the report show nearly one-third of all...
MAL-2024-7870 Malicious code in persona-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 32b489c0a0bbd44ab1697c3d0492595441e65b30a71a26af76a7dce54fb3d706 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-7832 Malicious code in zapier-elements (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 98a72694a59e2b2fa9040cc6e3b823a0e1dabe2ebd53ea16ebd7afbfb8306e01 The OpenSSF Package Analysis project identified 'zapier-elements' @ 99.0.0 npm as malicious. It is considered malicious because: - The package...
Malicious code in byted-cg (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 90e251b9f3c49de738ecec6d31759290c20383f748735d901d797110fd1b6fb2 The OpenSSF Package Analysis project identified 'byted-cg' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...
MAL-2024-7811 Malicious code in ent-file-upload-widget (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e476e9a95e121c935215443a2069d17764649684cdf226b5d429ea50a9c8c422 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-7820 Malicious code in sendapp (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 293c4e6568da723c801c3e4e60c18d4384908f054f67dfce8cc6769a5dac1f74 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-4699 Malicious code in cugraph-service-client (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 0246f55913ed7c36615843f23e434366bb7e1491332d526c91700a891ee8fde7 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2025-3600 Malicious code in hello-wordl (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 238c137f1939d99c855ef5fedf6f16b67ac8fcd9087d80270475d3eeff8e8c65 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2025-1512 Malicious code in testresearchpackagedc (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 b9a3d67880a7182900acdd5dafdb79bff126438c5538693dbd27c0c0848b2fb3 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2025-128 Malicious code in pyqubee (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 f966d9bb86511c937bd68311d8a63c9a6e06dfdd7947b56f6f43f2c75504ae7d Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2024-7801 Malicious code in slo-schema (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 43e18d91b3514c4d1f87bbc68730da7b0ce3213e132d2133cb2ee0d06bc07504 The OpenSSF Package Analysis project identified 'slo-schema' @ 10.20.2 npm as malicious. It is considered malicious because: - The package...