12893 matches found
Claude Code Security and Magecart: Getting the Threat Model Right
When a Magecart payload hides inside the EXIF data of a dynamically loaded third-party favicon, no repository scanner will catch it – because the malicious code never actually touches your repo. As teams adopt Claude Code Security for static analysis, this is the exact technical boundary where AI...
Transparent COM instrumentation for malware analysis
COM automation is a core Windows technology that allows code to access external functionality through well-defined interfaces. It is similar to traditionally loading a DLL, but is class-based rather than function-based. Many advanced Windows capabilities are exposed through COM, such as Windows...
Malicious code in bugbounty-test-123 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c22630300fe50578818f50f4a068d400f9e434dc0341fff5a6cd0ca63e82d5e1 The package bugbounty-test-123 was found to contain malicious code. Source: ossf-package-analysis...
PT-2026-26193
Summary A Timing Side-Channel vulnerability exists in the requireBasicAuth function due to the use of unsafe string comparison !==. This allows an attacker to deduce the valid password character-by-character by measuring the server's response time, effectively bypassing password complexity...
aicerberus
AICerberus 🐺 AI supply chain security scanner — one comma...
Exploit for Classic Buffer Overflow in Freefloat Freefloat_Ftp_Server
CVE-2025-5548 Security research and reprod...
MAL-2026-1497 Malicious code in robloxapi-test (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 ff27677fd14eddf36fd58fee0bb539ef89fd596e83450c68f8dc0436350abfd6 Installation embeds a malicious PTH file that then during import downloads and executes remote code. During analysis, the remote code was a test starting...
MAL-2026-1495 Malicious code in whatfix-icons (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 003442c235ba313d832b958d8170e59f28d9af34abdd1f33a832c6c2cd263696 The package whatfix-icons was found to contain malicious code. Source: ossf-package-analysis...
Detecting Data Poisoning in Code Generation LLMs Via Black-Box, Vulnerability-Oriented Scanning
Code generation large language models LLMs are increasingly integrated into modern software development workflows. Recent work has shown that these models are vulnerable to backdoor and poisoning attacks that induce the generation of insecure code, yet effective defenses remain limited. Existing...
Exploit for Race Condition in Canonical Ubuntu_Linux
Dillu-Analyzer 🛡️ Dillu Analyzer — A web-based universal malwa...
Free real estate: GoPix, the banking Trojan living off your memory
Introduction GoPix is an advanced persistent threat targeting Brazilian financial institutions' customers and cryptocurrency users. It represents an evolved threat targeting internet banking users through memory-only implants and obfuscated PowerShell scripts. It evolved from the RAT and Automate...
MAL-2026-1458 Malicious code in @wealth-common/font (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0a56e089d98a2a90a0e20698b8e57be8f14e4999477967cdf1254cff0e51804c The package @wealth-common/font was found to contain malicious code. Source: ghsa-malware...
Cross-Scale Persistence Analysis of EM Side-Channels for Reference-Free Detection of Always-On Hardware Trojans
Always-on hardware Trojans pose a serious challenge to integrated circuit trust, as they remain active during normal operation and are difficult to detect in post-deployment settings without trusted golden references. This paper presents a reference-free detection framework based on cross-scale...
TrendAI™ Supports Global Law Enforcement Efforts
Learn how TrendAI™ and our researchers contributed threat intelligence and analysis to support INTERPOL against cybercrime...
Malicious code in @3stripes/common (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2cf6f6a1fb0e79c716386545df6b4a1e4df689bf6b35e741c28150cc3fad072a The package @3stripes/common was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-1426 Malicious code in @3stripes/common (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2cf6f6a1fb0e79c716386545df6b4a1e4df689bf6b35e741c28150cc3fad072a The package @3stripes/common was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-1427 Malicious code in @3stripes/helpers (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 43a7574944c393165544faca6357fd6ce623ef66d2b9b367a3042f34eae4f81b The package @3stripes/helpers was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in @3stripes/api-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1644f08d12a97a4daeeca3e4195d91585bdbe1a8c2085fa918a92427cf1ee99f The package @3stripes/api-client was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-1430 Malicious code in @3stripes/utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a35a49fa45b490839a3f7671aed0d41c821f7a2925a015debe9f168e09476451 The package @3stripes/utils was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in n8n-nodes-text-helpers (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3d9e6f076079fc1e5969f32f2e96bf4ee653d57d47b342f378cc857e678051df The package n8n-nodes-text-helpers was found to contain malicious code. Source: ghsa-malware...