
12879 matches found

Packet Storm News
added 2026/05/14 12:0 a.m., 6 views

Detecting Privilege Escalation in Polyglot Microservices Via Agentic Program Analysis

Microservices are widely adopted in modern cloud systems due to their scalability and fault tolerance. However, microservice architectures introduce significant complexity in privilege and permission control, creating risks of privilege escalation where attackers can gain unauthorized access to...

5.8 AI score
Exploits: 0
OSV
added 2026/05/13 11:31 p.m., 3 views

MAL-2026-3721 Malicious code in npmjs_ethers-common (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 97aa3b72d45b1d6c6dc376c60b00c8c1fe60a9664d6767ffa64ba0ca1a4cf1b7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.6 AI score
Exploits: 0, References: 1
OSV
added 2026/05/13 8:21 p.m., 2 views

MAL-2026-3710 Malicious code in ethers-logger (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 8f43ab2ac9caeed4f5dd0895f4da7d3a646038768f5d0024f443bb527fd1ad95 The OpenSSF Package Analysis project identified 'ethers-logger' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...

5.8 AI score
Exploits: 0
NVD
added 2026/05/13 6:16 p.m., 8 views

CVE-2026-44003

vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, vm2's code transformer has a performance optimization that skips AST analysis when the code does not contain catch, import, or async keywords. This fast-path bypass allows sandboxed code to directly access the internal...

5.8 CVSS, 0.00049 EPSS
Exploits: 1, References: 1
OSSF Malicious Packages
added 2026/05/13 4:39 p.m., 7 views

Malicious code in chia-network (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis c7439a1ad4a50c3852597bd31aaf7a3f15c53c2cb9f124b9b350e55517b5f592 The OpenSSF Package Analysis project identified 'chia-network' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...

5.8 AI score
Exploits: 0
OSV
added 2026/05/13 4:39 p.m., 1 views

MAL-2026-3663 Malicious code in chia-network (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis c7439a1ad4a50c3852597bd31aaf7a3f15c53c2cb9f124b9b350e55517b5f592 The OpenSSF Package Analysis project identified 'chia-network' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...

5.8 AI score
Exploits: 0
OSSF Malicious Packages
added 2026/05/13 12:10 p.m., 6 views

Malicious code in truffle-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 52bd5b41de871fbbc8c5895f63dfec08ba2ff6ecb9ea03fa6fdb5d9245c74616 The package.json lifecycle script invokes require('child_process').execSync with a curl command at install time. Running curl through child_process durin...

6 AI score
Exploits: 0, References: 1
OSSF Malicious Packages
added 2026/05/13 12:1 p.m., 4 views

Malicious code in hardhat-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bb86c79e7ed3cd429c0f28bc08e00ce020df2ec42fdda086ad8bfca99f259930 package.json declares a postinstall script that base64-decodes the string 'aHR0cDovLzguMjE3Ljc1LjE0NzozMDAwL3BheWxvYWQ=' to the URL...

5.9 AI score
Exploits: 0, References: 1
OSSF Malicious Packages
added 2026/05/13 12:1 p.m., 6 views

Malicious code in ethers-io (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 098acd1dccfed8bcaea9f56206745eef7c9e4cd368599ba23f762a84c86bbc14 The package's package.json declares a postinstall script that base64-decodes a hidden URL http://8.217.75.147:3000/payload and pipes the HTTP respons...

6 AI score
Exploits: 0, References: 2
OSV
added 2026/05/13 12:0 p.m., 5 views

MAL-2026-3715 Malicious code in solc-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2016baa4fe29c296464b8381f88440457a113d79e2773d2252eb609a15ea2e03 package.json's postinstall lifecycle script runs node -e to base64-decode a hidden URL and pipe its contents to bash: curl -s...

5.9 AI score
Exploits: 0, References: 1
OSV
added 2026/05/13 11:53 a.m., 4 views

MAL-2026-3716 Malicious code in truffle-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 27652f23529349a6999e9121bc9714a5e9b5d11b227729c3c24147e5d2260eee package.json line 7 invokes require('child_process') and execSync('curl...') from an npm lifecycle script. This causes the installer's machine to fetch an...

5.9 AI score
Exploits: 0, References: 1
OSSF Malicious Packages
added 2026/05/13 11:51 a.m., 6 views

Malicious code in web3-common (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 2e42f568897d9af194eb75275059455c99b369456b0c8e0ffe13e7f32be839e6 The OpenSSF Package Analysis project identified 'web3-common' @ 1.0.0 npm as malicious. It is considered malicious because: - The package execut...

5.8 AI score
Exploits: 0
OSV
added 2026/05/13 11:51 a.m., 3 views

MAL-2026-3718 Malicious code in web3-common (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 2e42f568897d9af194eb75275059455c99b369456b0c8e0ffe13e7f32be839e6 The OpenSSF Package Analysis project identified 'web3-common' @ 1.0.0 npm as malicious. It is considered malicious because: - The package execut...

5.8 AI score
Exploits: 0
OSV
added 2026/05/13 11:51 a.m., 1 views

MAL-2026-3719 Malicious code in web3-core-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 46f9612aaab12b9656a1f1b5fbd7684fdcd57833bbf76d14b2a243f679cb0977 package.json declares a lifecycle hook that invokes require('child_process') and execSync with a curl command at install time. This pattern fetches remo...

6.2 AI score
Exploits: 0, References: 1
Schneier on Security
added 2026/05/13 11:3 a.m., 15 views

OpenAI’s GPT-5.5 is as Good as Mythos at Finding Security Vulnerabilities

The UK's AI Security Institute evaluated GPT-5.5's ability to find security vulnerabilities, and found that it is comparable to Claude Mythos. Note that the OpenAI model is generally available. Here is the Institute's evaluation of Mythos. And here is an analysis of a smaller, cheaper model. It...

5.8 AI score
Exploits: 0
GithubExploit
added 2026/05/13 8:29 a.m., 55 views

unverified_exploits

Unverified Exploits - Rule-Based Exploit Generation & Testing...

5.8 AI score
Exploits: 0
NVD
added 2026/05/13 4:17 a.m., 6 views

CVE-2026-8201

A use-after-free vulnerability exists in MongoDB's Field-Level Encryption (FLE) query analysis component, affecting client-side uses of mongocryptd and crypt_shared. Triggering this vulnerability requires control over the structure of a client's FLE-related query. This issue impacts MongoDB Server’s...

8.8 CVSS, 0.00032 EPSS
Exploits: 0, References: 1
GithubExploit
added 2026/05/13 3:31 a.m., 86 views

Exploit for CVE-2017-0144

💀 EternalBlue MS17-010 Exploitation Research Controlled r...

9.3 CVSS, 6.7 AI score, 0.94318 EPSS
Exploits: 51
GithubExploit
added 2026/05/13 2:35 a.m., 140 views

security-skills

Security Skills Security Skills is a Hermes Agent skill pack...

5.9 AI score
Exploits: 0
ATTACKERKB
added 2026/05/13 12:12 a.m., 5 views

CVE-2026-8201

A use-after-free vulnerability exists in MongoDB's Field-Level Encryption (FLE) query analysis component, affecting client-side uses of mongocryptd and crypt_shared. Triggering this vulnerability requires control over the structure of a client's FLE-related query. This issue impacts MongoDB Server’s...

6.4 CVSS, 5.8 AI score, 0.00032 EPSS
Exploits: 0, References: 2, Affected Software: 1