MAL-2026-4522 Malicious code in claude-all-config (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 63c5a1f5a6f5bd2dadc4e207ff4e8e310c24cd4c99c751ed094251e00e0af8f3 On install, postinstall.js writes configuration into /.claude/, /.gemini/, /.codex/, and /.kiro/ that hard-wires AI tooling to author-controlled...

108 Malicious Chrome Extensions Steal Google and Telegram Data, Affecting 20,000 Users

Cybersecurity researchers have discovered a new campaign in which a cluster of 108 Google Chrome extensions has been found to communicate with the same command-and-control C2 infrastructure with the goal of collecting user data and enabling browser-level abuse by injecting ads and arbitrary...

`microsoftsystem64` was removed from crates.io for malicious code

microsoftsystem64 installs a hardcoded SSH authorizedkeys entry persistence/backdoor and scans for sensitive files .env, credential-like JSON names, keyword-matching docs, reads their contents, base64-encodes where needed, and exfiltrates everything to a remote server via HTTP. It also packages a...

MAL-2026-2525 Malicious code in frontend-backoffice (npm)

Malicious package due to arbitrary command execution, data exfiltration to Telegram, and a suspicious preinstall script executing code on installation. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2f06949fafe41d4b38a42b1c5573750638b411c02b6edcb1958f3f5aad933d...

CVE-2025-43496

creationtimestamp| type| source ---|---|--- 2026-04-02 22:20:56+00:00| seen| Telegram/Vwk8vKhOFNDS6JM2yCv9XSPx-NaP1qDSk3KCYnu2uDrc7N0...

CVE-2025-58949

creationtimestamp| type| source ---|---|--- 2026-01-20 20:23:36+00:00| seen| Telegram/qeINtiFjC5uqNqFbiLvfYo4-yp8bAbb7XtnrK6VlFMDClDo...

CVE-2025-58889

creationtimestamp| type| source ---|---|--- 2026-01-20 20:22:11+00:00| seen| Telegram/0xDArAX3HG3crsZxcgbRQEYLhb2wCsLIArjPpvex34-6k...

CVE-2025-15409

creationtimestamp| type| source ---|---|--- 2026-01-02 18:52:46+00:00| seen| Telegram/3f3-cwfXIykKmhboQeDZ-9JfvsVfmMtyX9y0DYWKgM6OqHA 2026-01-02 21:54:27+00:00| published-proof-of-concept| Telegram/d-ziUJquW87C-wxQ1bihwuEueQX9ENOtUxcvU39erDutk3U...

MAL-2025-192958 Malicious code in smtmlib (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e871336d0effe99cb62efeda3a287186e75c1bd4ca5770efd81718db8ababe4e Malicious copy of a standard library module that during class initialization downloads and executes remote code and after that attempts to cover its tracks by...

MAL-2025-192690 Malicious code in smtrlib (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2c1075f7c4373ccaac9936bfd75a22a27f0c9ba06a5402a68a45fe8121f58783 Malicious copy of a standard library module that during class initialization downloads and executes remote code and after that attempts to cover its tracks by...

Malicious code in smtblib (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 15a295f1d98fcbbdd6a077bc3a849966ca3f73919c0d47e58948ff382481e5b6 Malicious copy of a standard library module that during class initialization downloads and executes remote code and after that attempts to cover its tracks by...

Malicious code in aiogram-msgeffect (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 edd5a99e6d1cebb47e713991f08b50dee4b5bf93ae487f6adc446318ccdba6e7 Importing the module starts obfuscated code which then look for data related to some Telegram clients and attempt to exfiltrate them --- Category: MALICIOUS -...

MAL-2025-191674 Malicious code in aiogram-msgeffect (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 edd5a99e6d1cebb47e713991f08b50dee4b5bf93ae487f6adc446318ccdba6e7 Importing the module starts obfuscated code which then look for data related to some Telegram clients and attempt to exfiltrate them --- Category: MALICIOUS -...

Malicious code in tgeffect (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e254217ac113edcc1914bdfcda06509137ceed6a7441b3c846653d769335bcaa Importing the module starts obfuscated code which then look for data related to some Telegram clients and attempt to exfiltrate them --- Category: MALICIOUS -...

CVE-2025-8073

creationtimestamp| type| source ---|---|--- 2025-08-28 07:17:56+00:00| seen| Telegram/wpMPkZ1d1KFKtw8bdlghuDSWdHnNS9uRx3BWNMsVNt8qlg...

CVE-2025-43744

creationtimestamp| type| source ---|---|--- 2025-08-19 20:07:20+00:00| seen| Telegram/dGdIqxnkM3Dmwa9J7VB9fJ9SlV66TINfay2DLp4toYzZjq4...

CVE-2025-54705

creationtimestamp| type| source ---|---|--- 2025-08-14 11:03:52+00:00| seen| Telegram/7TpasQIEhOlCxeO9xpA4b-Z5VmKGwcU0wBvSQLu7dx2sAU...

RHSA-2023:7656

creationtimestamp| type| source ---|---|--- 2025-08-01 15:49:22+00:00| seen| Telegram/vqMv-pw9KY3Z5TMAkCKFJ81O0KEk3Kk9SHClQG6teUoaj50 2025-08-02 14:50:53+00:00| seen| Telegram/O48YTDst3MKwqXTmoA7eKUU-Al4YKF5xmz2EhGo0DjbdKvM 2025-08-02 17:49:06+00:00| seen|...

CVE-2009-3720

creationtimestamp| type| source ---|---|--- 2025-07-18 13:11:47+00:00| seen| Telegram/e1o90iHJT-k2JGh5790ahxiLQIt4T9bVzKO5ZsUBjDuYtSU...

MAL-2025-191698 Malicious code in callistopy (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c45e190afdbbb8d4b817c50734f8b01bc3bec65978141d4070ca2ec60be6b061 Package creates a telegram client which silently exfiltrate user's Telegram data, including sessions and configuration, to a hardcoded remote target ---...