MAL-2026-3077 Malicious code in axis-charts (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b2948113b9e8ba2a0eaf9f07de49e63efdcdb91450acb69c6e5c9da9e2f982eb The package axis-charts was found to contain malicious code. Source: ossf-package-analysis...

[SECURITY] Fedora 44 Update: awstats-8.0-4.fc44

Advanced Web Statistics is a powerful and full-featured tool that generates advanced web server graphical statistics. This server log analyzer works from the command line or as a CGI and shows all information your log contains, in graphical web pages. It can analyze a lot of web/wap/proxy servers...

[SECURITY] Fedora 44 Update: LabPlot-2.12.1-17.fc44

LabPlot is a FREE, open source and cross-platform Data Visualization and Analysis software accessible to everyone. - High-quality Data Visualization and Plotting with just a few clicks - Reliable and easy Data Analysis and Statistics, no coding required! - Intuitive and fast Computing with...

[SECURITY] Fedora 44 Update: pspp-2.1.1-5.fc44

PSPP is a program for statistical analysis of sampled data. It interprets commands in the SPSS language and produces tabular output in ASCII, PostScript, or HTML format. PSPP development is ongoing. It already supports a large subset of SPSS's transformation language. Its statistical procedure...

[SECURITY] Fedora 44 Update: tcpflow-1.6.2-0.1.8d47b53.fc44

tcpflow is a program that captures data transmitted as part of TCP connections flows, and stores the data in a way that is convenient for protocol analysis or debugging. A program like 'tcpdump' shows a summary of packets seen on the wire, but usually doesn't store the data that's actually being...

MAL-2026-3083 Malicious code in elementary-data (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 96dc65f67f54411d3de6b23a33a8f73665e2703d7261b7f1720cdc089c528eea Versions 0.23.3 were compromised. A threat actor exploited a vulnerability in the CI workflows to inject code and establish, likely, a reverse shell in the CI...

Friday Squid Blogging: How Squid Survived Extinction Events

Science news: Scientists have finally cracked a long-standing mystery about squid and cuttlefish evolution by analyzing newly sequenced genomes alongside global datasets. The research reveals that these bizarre, intelligent creatures likely originated deep in the ocean over 100 million years ago,...

MAL-2026-3052 Malicious code in @alfa.life.mapp/app.web (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d31f4eb43fd465a585f96a6ae24d86885dcb21e0645e446d9831edce30250a9e The package @alfa.life.mapp/app.web was found to contain malicious code. Source: ghsa-malware...

Malicious code in @alfa.life.mapp/app.web (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d31f4eb43fd465a585f96a6ae24d86885dcb21e0645e446d9831edce30250a9e The package @alfa.life.mapp/app.web was found to contain malicious code. Source: ghsa-malware...

Malicious code in @m0ntana/app.web (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2ffd5d049b453ec288428ae1c5b369effbc0397e753720aeb3900a746bb83519 The package @m0ntana/app.web was found to contain malicious code. Source: ghsa-malware b7fdecb35a1116b81d1340d7d6cc748a050b4dde46beb279a40f6e049955ca...

Malicious code in model-poc-suhail (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a0077cfbeca02c255952633606e9fc0c50ef11fe0e50a083f9ab632b6ee01569 The package model-poc-suhail was found to contain malicious code. Source: ossf-package-analysis...

security-audit

security-audit A Claude Code skill + plugin marketplace for a...

Black-Oracle

🖤 BLACK ORACLE 🖤 «The Eye That Sees Through Digital...

SecScan

SecScan Local-LLM-powered security scanner for GitHub repos...

Detecting Concept Drift in Evolving Malware Families Using Rule-Based Classifier Representations

This work proposes a structural approach to concept drift detection in malware classification using decision tree rulesets. Classifiers are trained across temporal windows on the EMBER2024 dataset, and drift is quantified by comparing extracted rule representations using feature importance,...

Malicious code in microsoft-employee-experience (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9c34bc4b2b8497b2f155f93295b0fe4b78eb94e7830684929547465d0b66b7a7 The package microsoft-employee-experience was found to contain malicious code. Source: ossf-package-analysis...

MAL-2026-3017 Malicious code in react-spa-npm (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 43b35510ff33bc6f887152176f91fb63f2a336c8822c151ac6039ccced83c96b The package react-spa-npm was found to contain malicious code. Source: ghsa-malware c9044f471d6c131db0da2c97994b81cd8d2680486695f42dec152b2b23f5e0be...

Malicious code in eth-logger (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 843cae77c9aaf84bef1b7d5e46e27795d5203d2959a39b2797f0e1248b4995c7 The package eth-logger was found to contain malicious code. Source: ossf-package-analysis...

vlnr

vlnr: Autonomous Vulnerability Discovery Pipeline !Python 3...

CVE-2026-41206

Summary: CVE-2026-41206 affects PySpector, a Python SAST framework. The vulnerability lies in the plugin security validator’s static analysis in the function/class handling plugin loading via PluginSecurity.validate_plugin_code. Before version 0.1.8, the blocklist is incomplete and can be bypasse...