Lucene search
K

495 matches found

The Hacker News
The Hacker News
added 2026/05/07 11:33 a.m.19 views

ThreatsDay Bulletin: Edge Plaintext Passwords, ICS 0-Days, Patch-or-Die Alerts and 25+ New Stories

Bad week. Turns out the easiest way to get hacked in 2026 is still the same old garbage: shady packages, fake apps, forgotten DNS junk, scam ads, and stolen logins getting dumped into Discord channels like it’s normal. Some of these attack chains don’t even feel sophisticated anymore. More like...

10CVSS6.5AI score0.03678EPSS
Exploits1
OSV
OSV
added 2026/05/07 5:42 a.m.15 views

MAL-2026-3364 Malicious code in quicklytookerv (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 eeb02e3ddf9f61661d72bac1e244227aa8b6a8a88ab1226a521cc7aa48d5da37 The package silently exfiltrates screenshots and basic data. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/07 5:42 a.m.14 views

Malicious code in quicklytookerv (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 eeb02e3ddf9f61661d72bac1e244227aa8b6a8a88ab1226a521cc7aa48d5da37 The package silently exfiltrates screenshots and basic data. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...

5.8AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.23 views

PT-2026-38400

Name of the Vulnerable Software and Affected Versions Weblate versions prior to 5.17.1 Description The screenshots, tasks, and component link API endpoints allow for the enumeration of translations within a project that the user should not be able to access. Recommendations Update to version 5.17...

4.3CVSS5.8AI score0.00288EPSS
Exploits0References13
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/04 10:29 a.m.13 views

Malicious code in randomchoicemas (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 0dc4c38310ad4ec9a939abd09fa48fce4f2f2e91e02389d59f3fefc30eda4c2c The package silently exfiltrates screenshots and basic data. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...

5.8AI score
Exploits0References1
Wired Threat Level
Wired Threat Level
added 2026/04/28 5:49 p.m.9 views

Why Sharing a Screenshot Can Get You Jailed in the UAE

The war in Iran has drawn attention to arrests in the United Arab Emirates over online content, but the legal framework behind that enforcement has existed for years...

5.3AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/02 8:26 p.m.7 views

Malicious code in nwin32tls (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a47778618cad57dbc584afdff7ed138032b69c423a9812e1bc8f86c13129f01d Importing the module starts a loop that listens to key strokes and on every capslock press exfiltrates screenshot to a hardcoded location. --- Category:...

5.9AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/29 12:0 a.m.10 views

PT-2026-28499

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.12 Description The software embeds long-lived shared gateway credentials directly within pairing setup codes. These codes are generated by the /pair API endpoint and the OpenClaw qr command. If setup codes are...

8.6CVSS5.9AI score0.00246EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/03/26 10:37 p.m.4 views

CVE-2026-33711

Incus is a system container and virtual machine manager. Incus provides an API to retrieve VM screenshots. That API relies on the use of a temporary file for QEMU to write the screenshot to which is then picked up and sent to the user prior to deletion. As versions prior to 6.23.0 use predictable...

5.7CVSS5.9AI score0.0035EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/03/21 10:53 p.m.7 views

MAL-2026-2020 Malicious code in aiolrucache (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 8b847ab6789b3a3848d887f76adae74d05523dd4cb1a974372518679d27ed70e The package masquerades as a utility, but during import, code loads obfuscated modules with RAT- and spyware-like functionality, including: exfiltrating files,...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/21 10:53 p.m.8 views

Malicious code in aiolrucache (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 8b847ab6789b3a3848d887f76adae74d05523dd4cb1a974372518679d27ed70e The package masquerades as a utility, but during import, code loads obfuscated modules with RAT- and spyware-like functionality, including: exfiltrating files,...

5.9AI score
Exploits0References1
GithubExploit
GithubExploit
added 2026/03/10 7:34 a.m.131 views

pentesting-notes

🔐 Pentesting Notes Personal penetration testing documentati...

5.8AI score
Exploits0
GithubExploit
GithubExploit
added 2026/03/10 7:34 a.m.119 views

pentesting-writeups

🔐 Pentesting Writeups Personal penetration testing document...

5.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/02/28 8:25 p.m.10 views

Malicious code in myproject-bola (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f85bf2df7a8a311b7140ca4086746ecf3c26b219843b96c1f9f8c22f505e7edc Starting the module initiates an infostealer with a Telegram bot and RAT-like functionality and hardcoded credentials. The code automatically adds itself to...

6AI score
Exploits0References1
OSV
OSV
added 2026/02/28 8:25 p.m.6 views

MAL-2026-1091 Malicious code in myproject-bola (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f85bf2df7a8a311b7140ca4086746ecf3c26b219843b96c1f9f8c22f505e7edc Starting the module initiates an infostealer with a Telegram bot and RAT-like functionality and hardcoded credentials. The code automatically adds itself to...

6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/02/28 8:22 p.m.15 views

Malicious code in isb (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 93750cbddba7897fde1d31836971e11082ad2076012c7caf708980de45827840 Starting the module initiates an infostealer with a Telegram bot and RAT-like functionality and hardcoded credentials. The code automatically adds itself to...

6AI score
Exploits0References1
NVD
NVD
added 2026/02/20 5:25 p.m.20 views

CVE-2026-26049

The web management interface of the device renders the passwords in a plaintext input field. The current password is directly visible to anyone with access to the UI, potentially exposing administrator credentials to unauthorized observation via shoulder surfing, screenshots, or browser form...

5.7CVSS0.00281EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/20 4:3 p.m.4 views

CVE-2026-26049 Jinan USR IOT Technology Limited (PUSR) USR-W610 Insufficiently Protected Credentials

The web management interface of the device renders the passwords in a plaintext input field. The current password is directly visible to anyone with access to the UI, potentially exposing administrator credentials to unauthorized observation via shoulder surfing, screenshots, or browser form...

5.7CVSS5.5AI score0.00281EPSS
Exploits0References2
CVE
CVE
added 2026/02/20 4:3 p.m.18 views

CVE-2026-26049

CVE-2026-26049 affects the Jinan USR IOT USR-W610 embedded web interface. The vulnerability is that the web UI renders the administrator password in a plaintext input field, making the current password directly visible to anyone with UI access and enabling credential exposure via shoulder surfing...

5.7CVSS5.5AI score0.00281EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/20 12:0 a.m.8 views

PT-2026-21241

The web management interface of the device renders the passwords in a plaintext input field. The current password is directly visible to anyone with access to the UI, potentially exposing administrator credentials to unauthorized observation via shoulder surfing, screenshots, or browser form...

5.7CVSS5.5AI score0.00281EPSS
Exploits0References3
Rows per page
Query Builder