12864 matches found
janus-security-platform
Agentic Security Platform Payments-domain SAST + autonomous P...
Malicious code in sequoia-engineering (npm)
Source: ossf-package-analysis 2f9c2bfd3d6035b7f58ea95bdcd1329af80adec3c1ef84cb1a8412c6d4c3bf9b The OpenSSF Package Analysis project identified 'sequoia-engineering' @ 2.2.2 npm as malicious. It is considered malicious because: - The packag...
MAL-2026-5363 Malicious code in @solana-labs/web3-js (npm)
Source: ossf-package-analysis 99d2ea7302fd72532bbe21dd885a0c456599e7fb1e8055977e35ae563236e530 The OpenSSF Package Analysis project identified '@solana-labs/web3-js' @ 1.0.0 npm as malicious. It is considered malicious because: - The packa...
MAL-2026-5362 Malicious code in @solana-labs/etherjs (npm)
Source: ossf-package-analysis f3c9e260b3ed97dca42969f7b7836399ce071c4708cffd473bd6b3cf62925401 The OpenSSF Package Analysis project identified '@solana-labs/etherjs' @ 1.0.0 npm as malicious. It is considered malicious because: - The packa...
defi-exploit-pipeline
DeFi Exploit Pipeline Automated pipeline for analyzing sm...
Malicious code in unifi-portal (npm)
Source: amazon-inspector 9b53844d0cc8f26b013b7bbab0145f94b600118aeea09aceae5b6c29c91600fd Package name unifi-portal shadows a presumed-private internal namespace and ships a preinstall: node index.js hook. On npm install, index.js lines 4-...
MAL-2026-5289 Malicious code in unifi-portal (npm)
Source: amazon-inspector 9b53844d0cc8f26b013b7bbab0145f94b600118aeea09aceae5b6c29c91600fd Package name unifi-portal shadows a presumed-private internal namespace and ships a preinstall: node index.js hook. On npm install, index.js lines 4-...
Malicious code in encrypted-archive (npm)
Source: ossf-package-analysis 13428a6cdcd4736d3f044dd6a580724699318155a1c1e283b586b9a4c3ab6295 The OpenSSF Package Analysis project identified 'encrypted-archive' @ 99.0.0 npm as malicious. It is considered malicious because: - The package...
MAL-2026-5288 Malicious code in uisp-connector (npm)
Source: amazon-inspector 351b32a85d024168970d1a2e8b7c9c5e6ff6f1d31191390f248a988d9ea6b9a9 package.json declares preinstall: node index.js || true, causing index.js to run automatically on npm install. index.js issues a DNS resolution and...
CVE-2025-14972
Countermeasures for DPA within SYMCRYPTO engine on SixG301xxx devices are not sufficiently random and will eventually repeat. KSU keys using SYMCRYPTO will be impacted by this vulnerability...
CVE-2026-7365
IBM Operations Analytics - Log Analysis and IBM SmartCloud Analytics - Log Analysis use default passwords from the manufacturing process during the installation process, which could allow an attacker to bypass authentication...
CVE-2024-40684
IBM Operations Analytics - Log Analysis 1.3.5.0, 1.3.5.1, 1.3.5.2, 1.3.5.3, 1.3.6.0, 1.3.6.1, 1.3.7.0, 1.3.7.1, 1.3.7.2, and 1.3.8.0, 1.3.8.1, 1.3.8.2, 1.3.8.3, 1.3.8.4 IBM SmartCloud Analytics - Log Analysis does not require that users should have strong passwords by default, which makes it easi...
Kali-setup
🛠️ kali-setup A single bash script that pulls in the 20 most-...
Ternary Public-Key Cryptosystem
Public-key cryptosystems eliminate the requirement for pre-shared secret keys by enabling encryption with a publicly disclosed key and decryption with a corresponding private key. In this article we generalize the public-key cryptosystems to ternary algebraic structures, with particular attention...
MOLOT System Card: Malicious Operational Logic Observation Transformer
MOLOT (Malicious Operational Logic Observation Transformer) is a static malicious-code detection system designed for SAST setups where package metadata, maintainer history, and dynamic execution traces may be unavailable or unreliable. The system represents source code as behavior sequences derived...
The Sound of Malware: A Memory Forensics Approach for Android Malware Analysis Via Audio Signals
Android malware analysis is currently facing increasing challenges in achieving robust classification and detecting stealth attacks. Modern threats employ advanced evasion strategies such as code obfuscation, dynamic loading, packing, and even steganographic manipulation of traditional static and...
binary-exploitation-labs-Application-security-ctf-writeups
binary-exploitation-labs-Application-security-ctf-writeups...
Exploit for CVE-2026-26555
🔍 Vulnerability Research A curated collection of in-depth vul...
Malicious code in cms-store-ren (npm)
Source: ossf-package-analysis 1e0e43b074cffbde07a16c0b1ae1645b1edebcfa7fe192f6161237b0f011952d The OpenSSF Package Analysis project identified 'cms-store-ren' @ 1.1.1 npm as malicious. It is considered malicious because: - The package...
Joern 4.0.554
Joern is the bug hunter's workbench. With this tool, you can uncover attack surface, sloppy coding practices, and variants of known vulnerabilities using an interactive code analysis shell. Joern supports C, C++, LLVM bitcode, x86 binaries via Ghidra, JVM bytecode via Soot, and JavaScript...