npm, PyPI, and RubyGems Packages Found Sending Developer Data to Discord Channels

Cybersecurity researchers have identified several malicious packages across npm, Python, and Ruby ecosystems that leverage Discord as a command-and-control C2 channel to transmit stolen data to actor-controlled webhooks. Webhooks on Discord are a way to post messages to channels in the platform...

MAL-2025-191629 Malicious code in hexdec (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b35c77c73cb594ed27985ac5e797ed54657a3301e976728e8fdf06dedb94e085 Package appears to be designed for private key exfiltration, but no known usage. The name appears to be related to the cryptocurrency TRX Tron / Tronix. Some...

MAL-2025-191648 Malicious code in mcp-runcommand-server2 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 36fb61d44529c380f204d5a210017989695ef39df6adfce7ccfb08e48a17b594 Package starts a reverse shell to a hardcoded location --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...

Malicious code in mcp-runcommand-server (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 17f8adb9e7e30e13f8656300881d4e04975f499c03c2f1dbea2e00fd86c357a5 Package starts a reverse shell to a hardcoded location --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...

MAL-2025-191647 Malicious code in mcp-runcommand-server (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 17f8adb9e7e30e13f8656300881d4e04975f499c03c2f1dbea2e00fd86c357a5 Package starts a reverse shell to a hardcoded location --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...

Malicious code in anothertestproject (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f9afc767fc8ba3416898082c5c16725f6006f89401be77366b8fdf487aeb51e5 Package contains a malicious executable and a function to start it. The executable is detected by AV and appears to be an infostealer --- Category: MALICIOUS -...

MAL-2025-191681 Malicious code in anothertestproject (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f9afc767fc8ba3416898082c5c16725f6006f89401be77366b8fdf487aeb51e5 Package contains a malicious executable and a function to start it. The executable is detected by AV and appears to be an infostealer --- Category: MALICIOUS -...

EUVD-2025-31862

A vulnerability was determined in code-projects Web-Based Inventory and POS System 1.0. This impacts an unknown function of the file /login.php. Executing manipulation of the argument emailid can lead to sql injection. The attack may be performed from remote. The exploit has been publicly disclos...

EUVD-2025-31866

EUVD-2025-31866...

EUVD-2025-31865

EUVD-2025-31865...

EUVD-2025-31864

EUVD-2025-31864...

EUVD-2005-4830

Malware in sbrugna...

EUVD-2011-3446

Malware in sbrugna...

EUVD-2013-1122

Malware in sbrugna...

EUVD-2016-10736

Malware in sbrugna...

EUVD-2009-1200

Malware in sbrugna...

EUVD-2019-3048

Malware in sbrugna...

EUVD-2016-2920

Malware in sbrugna...

EUVD-2000-0812

Malware in sbrugna...

EUVD-2012-1880

Malware in sbrugna...