Gogs Git Rebase Argument Injection RCE

This module exploits an argument injection vulnerability in the pull request merge flow of Gogs is parsed by Git as the --exec flag rather than a positional argument, causing sh -c to run after each replayed commit during the rebase. Two exploitation methods are supported: - ownrepo: The attacker...

Malicious code in @t-in-one/form_product_token (npm)

Wave 2 of a dependency confusion attack campaign C2: oob.moika.tech targeting internal npm scopes. The attacker npm user t-in-one, email [email protected] published packages at inflated versions that resolve ahead of private registry versions via npm's default version resolution. The campaign...

Malicious code in @car-loans/deal-aff (npm)

Part of a dependency confusion attack campaign targeting the @car-loans, @fb-deposit, and @debit-ib npm scopes. The attacker npm user pik-libs published 25 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version resolution,...

MAL-2026-4980 Malicious code in @cloudplatform-single-spa/svp-draas (npm)

Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...

Malicious code in clobprice.api (npm)

A campaign of npm packages sharing a common dropper clob.js that downloads and persistently installs a Windows executable from IPFS on postinstall. The dropper fetches the binary from IPFS CID bafybeif3zkapj364ofnrvbty7oj5h5ufpxlp4s62usk3ulxrru35e3gssa via multiple public gateways Pinata,...

Nexus-Sonatype-Repository-Manager-Groovy-Script-RCE-Authenticated-

Nexus Repository Manager 3 Authenticated RCE Groovy Script Ta...

Axios NPM supply chain incident

Cisco Talos is actively investigating the March 31, 2026 supply chain attack on the official Axios node package manager npm package during which two malicious versions v1.14.1 and v0.30.4 were deployed. Axios is one of the more popular JavaScript libraries with as many as 100 million downloads pe...

Malicious code in mgc (npm)

Package fetches platform-specific stage-2 payloads from a GitHub Gist. The stage-2 payloads are full Remote Access Trojans RATs for Linux Python and Windows PowerShell that beacon to a C2 server, exfiltrate system information, enumerate directories, execute arbitrary commands, and support binary...

HTTPS Fetch, Windows Reverse HTTP Stager (winhttp)

Fetch and execute an x86 payload from an HTTPS server. Tunnel communication over HTTP Windows winhttp Module Options msf use payload/cmd/windows/https/x86/vncinject/reversewinhttp msf payloadreversewinhttp show actions ...actions... msf payloadreversewinhttp set ACTION msf payloadreversewinhttp...

HTTPS Fetch, Windows Upload/Execute, Reverse TCP Stager (No NX or Win7)

Fetch and execute an x86 payload from an HTTPS server. Uploads an executable and runs it staged. Connect back to the attacker No NX Module Options msf use payload/cmd/windows/https/x86/upexec/reversenonxtcp msf payloadreversenonxtcp show actions ...actions... msf payloadreversenonxtcp set ACTION...

HTTPS Fetch, Windows Upload/Execute, Windows x86 Bind Named Pipe Stager

Fetch and execute an x86 payload from an HTTPS server. Uploads an executable and runs it staged. Listen for a pipe connection Windows x86 Module Options msf use payload/cmd/windows/https/x86/upexec/bindnamedpipe msf payloadbindnamedpipe show actions ...actions... msf payloadbindnamedpipe set ACTI...

HTTPS Fetch, Windows Upload/Execute, Hidden Bind TCP Stager

Fetch and execute an x86 payload from an HTTPS server. Uploads an executable and runs it staged. Listen for a connection from a hidden port and spawn a command shell to the allowed host. Module Options msf use payload/cmd/windows/https/x86/upexec/bindhiddentcp msf payloadbindhiddentcp show action...

HTTPS Fetch, Windows Command Shell, Reverse Ordinal TCP Stager (No NX or Win7)

Fetch and execute an x86 payload from an HTTPS server. Spawn a piped command shell staged. Connect back to the attacker Module Options msf use payload/cmd/windows/https/x86/shell/reverseordtcp msf payloadreverseordtcp show actions ...actions... msf payloadreverseordtcp set ACTION msf...

HTTPS Fetch

Fetch and execute an x86 payload from an HTTPS server. Module Options msf use payload/cmd/windows/https/x86/powershellreversetcp msf payloadpowershellreversetcp show actions ...actions... msf payloadpowershellreversetcp set ACTION msf payloadpowershellreversetcp show options ...show and set...

HTTPS Fetch, Windows Upload/Execute, Reverse Ordinal TCP Stager (No NX or Win7)

Fetch and execute an x86 payload from an HTTPS server. Uploads an executable and runs it staged. Connect back to the attacker Module Options msf use payload/cmd/windows/https/x86/upexec/reverseordtcp msf payloadreverseordtcp show actions ...actions... msf payloadreverseordtcp set ACTION msf...

HTTPS Fetch, Windows Upload/Execute, Bind TCP Stager (No NX or Win7)

Fetch and execute an x86 payload from an HTTPS server. Uploads an executable and runs it staged. Listen for a connection No NX Module Options msf use payload/cmd/windows/https/x86/upexec/bindnonxtcp msf payloadbindnonxtcp show actions ...actions... msf payloadbindnonxtcp set ACTION msf...

HTTPS Fetch, Reverse TCP Stager (RC4 Stage Encryption, Metasm)

Fetch and execute an x86 payload from an HTTPS server. Connect back to the attacker Module Options msf use payload/cmd/windows/https/x86/vncinject/reversetcprc4 msf payloadreversetcprc4 show actions ...actions... msf payloadreversetcprc4 set ACTION msf payloadreversetcprc4 show options ...show an...

HTTPS Fetch, Reverse TCP Stager

Fetch and execute an x86 payload from an HTTPS server. Connect back to the attacker Module Options msf use payload/cmd/windows/https/x86/vncinject/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf payloadreversetcp show options ...show and set...

HTTPS Fetch, Windows Upload/Execute, Bind IPv6 TCP Stager (Windows x86)

Fetch and execute an x86 payload from an HTTPS server. Uploads an executable and runs it staged. Listen for an IPv6 connection Windows x86 Module Options msf use payload/cmd/windows/https/x86/upexec/bindipv6tcp msf payloadbindipv6tcp show actions ...actions... msf payloadbindipv6tcp set ACTION ms...

HTTPS Fetch, Find Tag Ordinal Stager

Fetch and execute an x86 payload from an HTTPS server. Use an established connection Module Options msf use payload/cmd/windows/https/x86/peinject/findtag msf payloadfindtag show actions ...actions... msf payloadfindtag set ACTION msf payloadfindtag show options ...show and set options... msf...