12887 matches found
Malicious code in @sap-px/pxapi (npm)
Source: amazon-inspector c70a3dbae0518bc379bebf8a6eecf65c9b7ed68be4b1e352a458a42ba77b5b2d The package @sap-px/pxapi was found to contain malicious code. Source: ghsa-malware f83795730a6230997fb73e029559ad586c6130bc00c0cc6740e3d82f2250b452...
Malicious code in @b2b-portal/form (npm)
Source: amazon-inspector 7bfd3d2bf611173cd9899eb7ae28620ce52dd78812b47d5f9ca1fc68555c5b70 The package @b2b-portal/form was found to contain malicious code. Source: ghsa-malware 01b5517a25cba37fda750436dbbba1fe86b2c36fb7eafbbb0b49cf17d95e5a...
Exploit for Classic Buffer Overflow in Freefloat Freefloat_Ftp_Server
Technical study of the vulnerability CVE-2025-5548 Introdu...
Like a Hammer, It Can Build, It Can Break: Large Language Model Uses, Perceptions, and Adoption in Cybersecurity Operations on Reddit
Large language models (LLMs) have recently emerged as promising tools for augmenting Security Operations Center (SOC) workflows, with vendors increasingly marketing autonomous AI solutions for SOCs. However, there remains a limited empirical understanding of how such tools are used, perceived, and...
Security Bulletin: IBM Operations Analytics – Log Analysis is affected by a security feature bypass due to Azure SDK for Java
Summary: Azure SDK for Java is used by IBM Operations Analytics – Log Analysis as part of secure, asynchronous messaging and event streaming over AMQP (Advanced Message Queuing Protocol). CVE-2020-16971. Vulnerability Details: CVEID: CVE-2020-16971 DESCRIPTION: Azure SDK for Java Security Feature Bypa...
From the field to the report and back again: How incident responders can use the Year in Review
Every year, Cisco Talos publishes Year in Review, a comprehensive look at the previous year's threat landscape. It's drawn from an enormous volume of telemetry, such as endpoint detections, network traffic, email data, and boots-on-the-ground Cisco Talos Incident Response (Talos IR) engagements. As...
Malicious code in @tableau__catalog-messages/database_lower (npm)
Source: amazon-inspector 4155e0aa6cc429c2ea66b3b131055983379b13cab66b74fa3c1758e83a48ec54 The package @tableau__catalog-messages/database_lower was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-2866 Malicious code in @tableau__catalog-messages/database_lower (npm)
Source: amazon-inspector 4155e0aa6cc429c2ea66b3b131055983379b13cab66b74fa3c1758e83a48ec54 The package @tableau__catalog-messages/database_lower was found to contain malicious code. Source: ossf-package-analysis...
What Is Threat Hunting? A Complete Guide for Security Teams
Security tools catch a lot. They do not catch everything. Automated detection systems rely on known signatures, predefined rules, and behavioral baselines. Sophisticated adversaries know this and design their operations to slip through t...
Malicious code in viewer-assets-generator (npm)
Source: amazon-inspector 0022cddbfa3afc707bea5e0e70c8bff5b3249847bd891c628a1fd2d0dc9fa259 The package viewer-assets-generator was found to contain malicious code. Source: ghsa-malware...
RansomTrack: A Hybrid Behavioral Analysis Framework for Ransomware Detection
Ransomware poses a serious and fast-acting threat to critical systems, often encrypting files within seconds of execution. Research indicates that ransomware is the most reported cybercrime in terms of financial damage, highlighting the urgent need for early-stage detection before encryption is...
GHSA-5478-66C3-RHXR Pretext: Algorithmic Complexity (DoS) in the text analysis phase
isRepeatedSingleCharRun in src/analysis.ts line 285 re-scans the entire accumulated segment on every merge iteration during text analysis, producing O(n²) total work for input consisting of repeated identical punctuation characters. An attacker who controls text passed to prepare can block the main...
Pretext: Algorithmic Complexity (DoS) in the text analysis phase
isRepeatedSingleCharRun in src/analysis.ts line 285 re-scans the entire accumulated segment on every merge iteration during text analysis, producing O(n²) total work for input consisting of repeated identical punctuation characters. An attacker who controls text passed to prepare can block the main...
CVE-2026-39416 Stored XSS in modal item preview for long item content in AIL Framework
AIL framework is an open-source platform to collect, crawl, process and analyse unstructured data. Prior to 6.8, a stored cross-site scripting (XSS) vulnerability was identified in the modal item preview functionality. When item content longer than 800 characters was processed, attacker-controlled...
H4C-WEB
H4C-WEB #!/bin/bash =======================================...
[SECURITY] Fedora 43 Update: pspp-2.1.1-5.fc43
PSPP is a program for statistical analysis of sampled data. It interprets commands in the SPSS language and produces tabular output in ASCII, PostScript, or HTML format. PSPP development is ongoing. It already supports a large subset of SPSS's transformation language. Its statistical procedure...
Aether Smart Contract Security Analysis Framework 6.0
Aether is a Python-based framework for analyzing Solidity smart contracts, generating vulnerability findings, producing Foundry-based proof-of-concept (PoC) tests, and validating exploits on mainnet forks. It combines Solidity AST parsing, taint analysis, control flow graph analysis, cross-contract...
parseusbs OS command injection vulnerability
Parseusbs is a USB-connected recording and forensic analysis tool developed by Khyrenz Ltd. Versions of Parseusbs prior to 1.9 contained a vulnerability related to operating system command injection. This vulnerability arose from the fact that the volume list path parameters were passed directly ...
Beyond Single Reports: Evaluating Automated ATT&CK Technique Extraction in Multi-Report Campaign Settings
Large-scale cyberattacks, referred to as campaigns, are documented across multiple CTI reports from diverse sources, with some providing a high-level overview of attack techniques and others providing technical details. Extracting attack techniques from reports is essential for organizations to...
MemProcFS code issue vulnerability
MemProcFS is a physical memory virtual file system analysis tool developed by Ulf Frisk. Versions of MemProcFS prior to 5.17 contained code vulnerabilities. These vulnerabilities stemmed from multiple insecure library loading patterns, which could lead to DLL and shared library hijacking, allowin...