Malicious code in @tanstack/start-static-server-functions (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bb21ff47aa0e512d1f67b02a37d160b475e32fcaa76bea381298a976c3bdd673 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-3491 Malicious code in @tanstack/start-static-server-functions (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bb21ff47aa0e512d1f67b02a37d160b475e32fcaa76bea381298a976c3bdd673 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

PT-2026-40541

Name of the Vulnerable Software and Affected Versions protobufjs-cli versions prior to 1.2.1 protobufjs-cli versions prior to 2.0.2 Description Static code generation via pbjs can emit unsafe JavaScript identifiers derived from schema-controlled names. When generating static JavaScript from a...

strix-advanced

⚡ Strix-Advanced AI-Powered Security Testing Platform An...

Comment and Control: Hijacking Agentic Workflows Via Context-Grounded Evolution

Automation platforms such as GitHub Actions and n8n are increasingly adopting so-called agentic workflows, which integrate Large Language Model LLM agents for tasks such as code review and data synchronization. While bringing convenience for developers, this integration exposes a new risk: An...

Unity Linux 20.1060e / 20.1070e Security Update: curl (UTSA-2026-017507)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017507 advisory. curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPTSSLCIPHERLIST when libcurl is built to use...

OESA-2026-2243 apache-mina security update

Apache MINA is a network application framework which helps users develop high performance and high scalability network applications easily. It provides an abstract event-driven asynchronous API over various transports such as TCP/IP and UDP/IP via Java NIO. Security Fixes: The fix for...

PT-2026-39402

Name of the Vulnerable Software and Affected Versions Yii Framework versions prior to 2.0.55 Description Internal variables in the View::renderPhpFile and ErrorHandler::renderFile functions are not isolated, which can lead to parameter collisions that allow the overriding of included file paths...

EUVD-2026-28738

In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Fix memory leak in xhcidisableslot xhcialloccommand allocates a command structure and, when the second argument is true, also allocates a completion structure. Currently, the error handling path in xhcidisableslot only...

CVE-2026-43432

CVE-2026-43432 relates to the Linux kernel USB xHCI driver. The error path in usb/xhci_disable_slot() previously freed only the command structure (via kfree), leaking the associated completion structure. The patch changes the code to call xhci_free_command() , which frees both the command structu...

CVE-2026-43432

In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Fix memory leak in xhcidisableslot xhcialloccommand allocates a command structure and, when the second argument is true, also allocates a completion structure. Currently, the error handling path in xhcidisableslot only...

Longitudinal Analyses of SAST Tools: A CodeQL Case Study

Open-source software OSS pipelines rely on automated static analysis tools to prevent the introduction of vulnerabilities in code. However, there is limited understanding of the efficacy of these tools across the OSS ecosystem over time. In this paper, we introduce a novel method to evaluate stat...

On the Security of Research Artifacts

Research artifacts are widely shared to support reproducibility, and artifact evaluation AE has become common at many leading conferences. However, AE mainly checks whether artifacts work as claimed and can be reproduced. It largely overlooks potential security risks. Since these artifacts are...

ethical-hacking-lab-reports

Ethical Hacking & Information Security Lab Reports !Security...

LCC-LLM: Leveraging Code-Centric Large Language Models for Malware Attribution

LLMs are increasingly explored for malware analysis; however, current LLM-based malware attribution remains limited by unsupported indicators and insufficient code-level grounding for identifying malicious and vulnerable code segments. To address these limitations, this research introduces LCC-LL...

TUANDROMD-X: Advanced Entropy and Visual Analytics Dataset for Enhanced Malware Detection and Classification

Malware and malware-based attacks are becoming more prevalent and complex. Attackers regularly come up with new techniques that have the ability to evade conventional and signature-based malware defense. In order to address such threats, there is an increasing demand for advanced and better defen...

Beyond the Wrapper: Identifying Artifact Reliance in Static Malware Classifiers Using TRUSTEE

Modern cybersecurity relies heavily on static machine-learning-based malware classifiers. However, transformations such as packing and other non-semantic modifications applied to executable files limit their reliability. Malware classifiers often learn these unnecessary artifacts rather than the...

CVE-2026-43123

Summary: CVE-2026-43123 affects the Linux kernel’s fbcon component. The root cause is a missing return-value check in con2fb_acquire_newinfo(); if fbcon_open() fails during this call, info->fbcon_par may be NULL and dereferenced, potentially crashing the system. The provided documents indicate...

CVE-2026-43123 fbcon: check return value of con2fb_acquire_newinfo()

In the Linux kernel, the following vulnerability has been resolved: fbcon: check return value of con2fbacquirenewinfo If fbconopen fails when called from con2fbacquirenewinfo then info-fbconpar pointer remains NULL which is later dereferenced. Add check for return value of the function...

SUSE CVE-2026-31730

In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: possible double-free of cctx-remoteheap fastrpcinitcreatestaticprocess may free cctx-remoteheap on the errmap path but does not clear the pointer. Later, fastrpcrpmsgremove frees cctx-remoteheap again if it is...