118 matches found
EUVD-2025-31579
Malicious code in bioql PyPI...
17,500 Phishing Domains Target 316 Brands Across 74 Countries in Global PhaaS Surge
The phishing-as-a-service PhaaS offerings known as Lighthouse and Lucid has been linked to more than 17,500 phishing domains targeting 316 brands from 74 countries. "Phishing-as-a-Service PhaaS deployments have risen significantly recently," Netcraft said in a new report. "The PhaaS operators...
MAL-2025-46273 Malicious code in test-mlw1-scaud-reach-sored-quipo (npm)
The package test-mlw1-scaud-reach-sored-quipo was found to contain malicious code...
Malicious code in test-mlw2-scaud-reach-sored-quipo (npm)
The package test-mlw2-scaud-reach-sored-quipo was found to contain malicious code...
MAL-2025-46301 Malicious code in test-mlw2-scaud-reach-sored-quipo (npm)
The package test-mlw2-scaud-reach-sored-quipo was found to contain malicious code...
Noodlophile Malware Campaign Expands Global Reach with Copyright Phishing Lures
The threat actors behind the Noodlophile malware are leveraging spear-phishing emails and updated delivery mechanisms to deploy the information stealer in attacks aimed at enterprises located in the U.S., Europe, Baltic countries, and the Asia-Pacific APAC region. "The Noodlophile campaign, activ...
Linux Distros Unpatched Vulnerability : CVE-2024-3653
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server's config, which is disabled by default, leaving the...
Malicious code in @malware-test-scaud-reach-sored-quipo/test-mlw3-scaud-reach-sored-quipo (npm)
The package @malware-test-scaud-reach-sored-quipo/test-mlw3-scaud-reach-sored-quipo was found to contain malicious code...
Malicious code in test-mlw2-reach-pests-quill-acted (npm)
The package test-mlw2-reach-pests-quill-acted was found to contain malicious code...
Malicious code in test-mlw2-spore-which-reach-crepe (npm)
The package test-mlw2-spore-which-reach-crepe was found to contain malicious code...
MAL-2025-36096 Malicious code in test-mlw2-reach-pests-quill-acted (npm)
The package test-mlw2-reach-pests-quill-acted was found to contain malicious code...
MAL-2025-36314 Malicious code in test-mlw2-spore-which-reach-crepe (npm)
The package test-mlw2-spore-which-reach-crepe was found to contain malicious code...
Server-side Request Forgery (SSRF)
Overview composio-core is a Core package to act as a bridge between composio platform and other services. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF through the /api/actions/execute/WEBTOOLSCRAPEWEBSITECONTENT endpoint. An attacker with high privileges ca...
CVE-2024-50546
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Riley Magnuson MyOrderDesk myorderdesk allows DOM-Based XSS.This issue affects MyOrderDesk: from n/a through = 3.2.6...
CVE-2024-50546 WordPress MyOrderDesk plugin <= 3.2.6 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Riley Magnuson MyOrderDesk myorderdesk allows DOM-Based XSS.This issue affects MyOrderDesk: from n/a through = 3.2.6...
CVE-2024-50546
CVE-2024-50546 affects WordPress MyOrderDesk plugin (≤3.2.6). The issue is a DOM-based XSS arising from improper input neutralization during page generation. Public records (NVD, Red Hat, Patchstack, CVE lists) confirm the vulnerability and indicate a fix exists; remediation is to update to a ver...
frr: mishandled malformed data leading to a crash
A data mishandling vulnerability was found in FRRouting. A malformed MPREACHNLRI data can lead to a crash, resulting in a denial of service...
Raspberry Robin Expands Reach via WSF
...
Friday Squid Blogging: The Geopolitics of Eating Squid
New York Times op-ed on the Chinese dominance of the squid industry: Chinas domination in seafood has raised deep concerns among American fishermen, policymakers and human rights activists. They warn that China is expanding its maritime reach in ways that are putting domestic fishermen around the...
DEBIAN-CVE-2023-46837
Arm provides multiple helpers to clean & invalidate the cache for a given region. This is, for instance, used when allocating guest memory to ensure any writes such as the ones during scrubbing have reached memory before handing over the page to a guest. Unfortunately, the arithmetics in the...