Malicious code in cloudera-poc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 24e0a829db4a908047174ccb540d590c9df780c994d9ecc1b1705247f89612de The package cloudera-poc was found to contain malicious code. Source: ossf-package-analysis...

MAL-2026-2493 Malicious code in cloudera-poc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 24e0a829db4a908047174ccb540d590c9df780c994d9ecc1b1705247f89612de The package cloudera-poc was found to contain malicious code. Source: ossf-package-analysis...

SkillAttack: Automated Red Teaming of Agent Skills through Attack Path Refinement

LLM-based agent systems increasingly rely on agent skills sourced from open registries to extend their capabilities, yet the openness of such ecosystems makes skills difficult to thoroughly vet. Existing attacks rely on injecting malicious instructions into skills, making them easily detectable b...

[SECURITY] Fedora 42 Update: tcpflow-1.6.2-0.1.8d47b53.fc42

tcpflow is a program that captures data transmitted as part of TCP connections flows, and stores the data in a way that is convenient for protocol analysis or debugging. A program like 'tcpdump' shows a summary of packets seen on the wire, but usually doesn't store the data that's actually being...

[SECURITY] Fedora 43 Update: tcpflow-1.6.2-0.1.8d47b53.fc43

tcpflow is a program that captures data transmitted as part of TCP connections flows, and stores the data in a way that is convenient for protocol analysis or debugging. A program like 'tcpdump' shows a summary of packets seen on the wire, but usually doesn't store the data that's actually being...

Security Bulletin: Due to use of Apache Commons Lang, IBM Operations Analytics - Log Analysis is affected by Uncontrolled Recursion Vulnerability

Summary Apache Commons Lang in Apache Solr is used by IBM Operations Analytics - Log Analysis as part of the core utility such as string manipulation, object utilities, and class utilities. CVE-2025-48924. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerabilit...

Security Bulletin: IBM Operations Analytics - Log Analysis is affected by Weak Password Policy and Inadequate Account Lockout Mechanism

Summary IBM Operations Analytics – Log Analysis is affected by weaknesses in its Backend Authentication and Session Management module—used as part of its login mechanism—which exposes the product to improper authentication risks, including weak password policy enforcement and insufficient account...

CVE-2026-23420

In the Linux kernel, the following vulnerability has been resolved: wifi: wlcore: Fix a locking bug Make sure that wl-mutex is locked before it is unlocked. This has been detected by the Clang thread-safety analyzer...

Credential Leakage in LLM Agent Skills: A Large-Scale Empirical Study

Third-party skills extend LLM agents with powerful capabilities but often handle sensitive credentials in privileged environments, making leakage risks poorly understood. We present the first large-scale empirical study of this problem, analyzing 17,022 skills sampled from 170,226 on SkillsMP usi...

MAL-2026-2442 Malicious code in expreeeess (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f655863438463b445574f12a5195c9635704e2158556ae437ee3a71c2e083d6b The package expreeeess was found to contain malicious code. Source: ossf-package-analysis...

MAL-2026-2439 Malicious code in expeewas (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bcb3aafc860058ba4e9a64c6fa7dba85b7df72d68971ef7c673245e4ac02820f The package expeewas was found to contain malicious code. Source: ossf-package-analysis...

MAL-2026-2441 Malicious code in expirs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 86105842d926ee95e61ae8adf0d4506cbc55c9510189208ee33d511806f2c5ef The package expirs was found to contain malicious code. Source: ossf-package-analysis d82cf6807fa6c011a17d3f4e8bf8af1e3e935a3d79ab1420356fd87d3f2567d...

MAL-2026-2437 Malicious code in exaprse (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c6cac7f3a62099b4980a3948c78a3a231085dece3eac1d5ca3aa0bc3b0d102e5 The package exaprse was found to contain malicious code. Source: ossf-package-analysis e6b772ab3336f1923332b7f4042b5daa8ea5fdef08b605e35f6410c40f6a25...

Malicious code in exszpe3szs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 67f15551a64777edf23687b4e056220380ac9501b76e432e33f9d93f5aecf2d3 The package exszpe3szs was found to contain malicious code. Source: ossf-package-analysis...

MAL-2026-2434 Malicious code in 4exepreds (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 713fcab117c3d896c25c79498daded14d2b7d69baecb99c233703f421caaca26 The package 4exepreds was found to contain malicious code. Source: ossf-package-analysis...

Exploit for Path Traversal in Publiccms

amihit Am I Hit? -- CVE Impact Analyzer !Gohttps://i...

Malicious code in bytefrontier-tracker (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a556a5a46fe4be2c1c7662a6481c9086b192375a17d4dcdccfbe52564ed78571 The package bytefrontier-tracker was found to contain malicious code. Source: ghsa-malware...

Unmasking the Paramilitary Agents Behind Trump’s Violent Immigration Crackdown

A WIRED analysis of DHS records identified dozens of specialized federal agents who used force against US civilians during the largest known deployment of its kind in US history...

MAL-2026-2420 Malicious code in @_wnpm/wnpm-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9729c3c0a6c625f2d6cc79833205a4331647989fa84d85bdd158924af91020fd The package @wnpm/wnpm-cli was found to contain malicious code. Source: ossf-package-analysis...

From Component Manipulation to System Compromise: Understanding and Detecting Malicious MCP Servers

The model context protocol MCP standardizes how LLMs connect to external tools and data sources, enabling faster integration but introducing new attack vectors. Despite the growing adoption of MCP, existing MCP security studies classify attacks by their observable effects, obscuring how attacks...