12875 matches found
XSSaudit
XSSAudit v2.0 — Advanced XSS Vulnerability Scanner For au...
MAL-2026-4357 Malicious code in helu (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 15a97c1f0e23d838c86d69a3ceae306071a9b4b8c17162a1f563aefe489ffbe4 During import, the hidden code downloads and executes the second-stage code. After performing anti-analysis checks, it downloads a malicious executable and...
Malicious code in helu (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 15a97c1f0e23d838c86d69a3ceae306071a9b4b8c17162a1f563aefe489ffbe4 During import, the hidden code downloads and executes the second-stage code. After performing anti-analysis checks, it downloads a malicious executable and...
Anonymous YARA Rules Are Not Anonymous
YARA rules are widely shared across threat intelligence communities to enable collective defence against malware. This practice implicitly assumes that removing metadata e.g., author fields sufficiently protects the identity of contributing organisations. To assess the validity of this assumption...
Disentangling Adversarial Prompts: A Semantic-Graph Defense for Robust LLM Security
Large Language Models LLMs are increasingly vulnerable to adversarial prompts that exploit semantic ambiguities to bypass safety mechanisms, resulting in harmful or inappropriate outputs. Such attacks, including jailbreaking and prompt injection, pose significant risks to the integrity and...
MAL-2026-4670 Malicious code in skills-detector (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 844190b21455d308d6e2b5305ebe92634d80b55817290a84644a1048df0e54b3 On npm install, postinstall.js executes whoami and id via childprocess.execSync, collects os.hostname, os.platform, current working directory, and th...
Malicious code in verify-mycommand (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2f94ffb54a2471d0cc94ce1ea88f741e034221a374f17bfadbd609cb22f14f24 On npm install, postinstall.js executes whoami and id, collects host identity hostname, platform, cwd and CI metadata CI, GITHUBREPOSITORY, NODEENV...
Critical: Red Hat Security Advisory: General availability of the satellite/iop-gateway-rhel9 container image
A new satellite/iop-gateway-rhel9 container image is now generally available in the Red Hat container registry. Red Hat Lightspeed in Satellite analyzes system health and configuration by applying predefined rules to a small set of local data, such as installed packages, running services, and...
Critical: Red Hat Security Advisory: General availability of the satellite/iop-gateway-rhel9 container image
A new satellite/iop-gateway-rhel9 container image is now generally available in the Red Hat container registry. Red Hat Lightspeed in Satellite analyzes system health and configuration by applying predefined rules to a small set of local data, such as installed packages, running services, and...
Malicious code in @stockrepublic/republic-components (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 300b309644b646817c47a283d8b9aaa018e8ae0f59986207f55fd0c39dca872a The package masquerades as an internal @stockrepublic component version 99.0.0, description 'Runs git diff and saves the output to git.log on install...
MAL-2026-4287 Malicious code in @audience-common-ui/components (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3e26e359a883cc73de6df21c10ea5bc94596f94ac4c38a3c703f44c91f3a8f1e Package @audience-common-ui/[email protected] is a dependency-confusion probe targeting an internal scope. Both preinstall and postinstall lifecycle...
MAL-2026-4268 Malicious code in asavie-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bf12a913426dee622d500474fe3629c5bb3246e1793e3f210916885c6d0481a9 callback.js collects host identity information os.hostname, os.userInfo and transmits it via https.get to an external endpoint at install/load time...
MAL-2026-4265 Malicious code in @asavie/i18n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d803002ee95ea92bdcb3a918e1be10930816db383ce2a58a6947afea84e04040 @asavie/[email protected] is a dependency-confusion package targeting an unclaimed npm scope. Its package.json declares a preinstall hook that runs node...
MAL-2026-4263 Malicious code in secdriven (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e64bd0b65a5cddc6e2032cfdd0a23f06c980a25066490b223d07e1b2e4efe3d8 On npm install, postinstall.js executes whoami via childprocess and reads os.hostname, os.platform, the working directory, and CI / GITHUBREPOSITORY...
Malicious code in dds-js-idl (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c864bc6e21a3795faba4de876942dfffa4baed76c926d96d52c83c32d1f49f69 On npm install, postinstall.js runs whoami via execSync and collects os.hostname, os.platform, cwd, and CI/GitHub env vars, then exfiltrates them ove...
Reversing-Toolkit
Reversing Toolkit 🔧 3 reverse engineering & binary exploita...
Malicious code in clickpy (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dd3b0787797fa520a5583fd5f14b83ec1b4606c0c45051e30ef312869c148f01 On require'clickpy', index.js collects host metadata via os.hostname, os.userInfo, os.platform, os.arch, process.cwd, process.pid, and the current...
MAL-2026-4258 Malicious code in @engagehub/core (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bcc397ed87426726776c339f950939ac2da46c12edd018ed4bc48031f7044094 All three lifecycle hooks preinstall, install, postinstall in package.json invoke node telemetry.js, so the payload fires unconditionally on npm...
Malicious code in @engagehub/core (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bcc397ed87426726776c339f950939ac2da46c12edd018ed4bc48031f7044094 All three lifecycle hooks preinstall, install, postinstall in package.json invoke node telemetry.js, so the payload fires unconditionally on npm...
From edge appliance to enterprise compromise: Multi-stage Linux intrusion via F5 and Confluence
In this article 1. Attack chain overview 1. Initial access: Exploiting edge appliances 2. Discovery and reconnaissance 3. Lateral movement and identity compromise 2. Mitigation and protection guidance 1. Microsoft Defender XDR detections 2. Advanced hunting 3. Indicators of compromise IOC 4. MITR...