MAL-2026-4815 Malicious code in @slipless/sdk (npm)
Source: amazon-inspector cd12d144d97dca69d9861a3a68bc2bfd138e3f3d5514eb70303c9b8e0c472e17. On npm install, scripts/postinstall.cjs fetches https://slipless.xyz/main.ps1 (a mutable URL, with no hash or signature verification), writes it to the OS tem...
CVE-2018-25320
ACL Analytics versions 11.x through 13.0.0.579 contain an arbitrary code execution vulnerability that allows attackers to execute arbitrary commands by leveraging the EXECUTE function. Attackers can use bitsadmin to download malicious PowerShell scripts and execute them with system privileges to...
Windows Registry Privilege Escalation Scanner / Audit Tool
This PowerShell script is a defensive security auditing tool designed to inspect Windows registry areas commonly associated with privilege escalation (EoP) techniques and system misconfigurations...
Fake Google Antigravity downloads are stealing accounts in minutes
Somebody went looking for Google’s new Antigravity coding tool this week, clicked download, ran the installer, and got exactly what they thought they were getting. Antigravity installed cleanly. A shortcut appeared on the desktop. The application opened and worked. Nothing looked or felt wrong. B...
BadSuccessor-PoC
🛡️ Advanced BadSuccessor CVE-2025-53779 – Weaponized PoC & D...
DPRK-Linked Hackers Use GitHub as C2 in Multi-Stage Attacks Targeting South Korea
Threat actors likely associated with the Democratic People's Republic of Korea (DPRK) have been observed using GitHub as command-and-control (C2) infrastructure in multi-stage attacks targeting organizations in South Korea. The attack chain, per Fortinet FortiGuard Labs, involves obfuscated Windows...
Exploit for Reliance on Untrusted Inputs in a Security Decision in Microsoft
CVE-2026-21509 Office Kill-Bit Manager PowerShell script to...
UAT-10027 Targets U.S. Education and Healthcare with Dohdoor Backdoor
A previously undocumented threat activity cluster has been attributed to an ongoing malicious campaign targeting education and healthcare sectors in the U.S. since at least December 2025. The campaign is being tracked by Cisco Talos under the moniker UAT-10027. The end goal of the attacks is to...
EUVD-2026-4202
Rufus is a utility that helps format and create bootable USB flash drives. Versions 4.11 and below contain a race condition (TOCTOU) in src/net.c during the creation, validation, and execution of the Fido PowerShell script. Since Rufus runs with elevated privileges (Administrator) but writes the scri...
CVE-2026-23988 Rufus has Local Privilege Escalation via TOCTOU Race Condition in Fido Script Handling
Rufus is a utility that helps format and create bootable USB flash drives. Versions 4.11 and below contain a race condition (TOCTOU) in src/net.c during the creation, validation, and execution of the Fido PowerShell script. Since Rufus runs with elevated privileges (Administrator) but writes the scri...
PT-2026-4296
Name of the Vulnerable Software and Affected Versions: Rufus versions 4.11 and below. Description: Rufus, a utility for formatting and creating bootable USB flash drives, contains a time-of-check to time-of-use (TOCTOU) race condition in the src/net.c file. This occurs during the creation, validation,...
Fake Booking Emails Redirect Hotel Staff to Fake BSoD Pages Delivering DCRat
Source: Securonix. Cybersecurity researchers have disclosed details of a new campaign dubbed PHALTBLYX that has leveraged ClickFix-style lures to display fixes for fake blue screen of death (BSoD) errors in attacks targeting the European hospitality sector. The end goal of the multi-stage campai...
New ClickFix wave infects users with hidden malware in images and fake Windows updates
Several researchers have flagged a new development in the ongoing ClickFix campaign: Attackers are now mimicking a Windows update screen to trick people into running malware. ClickFix campaigns use convincing lures, historically “Human Verification” screens, and now a fake “Windows Update” splash...
Exploit for Deserialization of Untrusted Data in Microsoft
CVE-2025-59287-WSUS powershell version of hawktrace POC exploi...
EUVD-2017-0374
Malware in sbrugna...
EUVD-2025-22008
Malicious code in bioql PyPI...
Alert: Malicious PyPI Package soopsocks Infects 2,653 Systems Before Takedown
Cybersecurity researchers have flagged a malicious package on the Python Package Index (PyPI) repository that claims to offer the ability to create a SOCKS5 proxy service, while also providing a stealthy backdoor-like functionality to drop additional payloads on Windows systems. The deceptive...
Exploit for CVE-2021-1675
CVE-2021-1675 - PrintNightmare LPE PowerShell. Caleb Stewart | John Hammond | July 1, 2021. CVE-2021-1675 is a critical remote code execution and local privilege escalation vulnerability dubbed "PrintNightmare." Proof-of-concept exploits ha...