12918 matches found
Exploit for Incorrect Default Permissions in Amazon Amplify_Cli
skycenter Attack Chain Security Analysis Engine for AWS, Azure...
Timing Attack
Overview: org.webjars.npm:h3 is a Minimal HTTP framework built for high performance and portability. Affected versions of this package are vulnerable to Timing Attack via the requireBasicAuth function. An attacker can recover valid authentication credentials by measuring response times and deducin...
Malicious code in prometheus-quicker-analysis (PyPI)
Malicious code in prometheus-quick-analysis (PyPI)
MAL-2026-1910 Malicious code in prometheus-quick-analysis (PyPI)
MAL-2026-1911 Malicious code in prometheus-quicker-analysis (PyPI)
Malicious code in prometheus-fast-analysis (PyPI)
MAL-2026-1909 Malicious code in prometheus-fast-analysis (PyPI)
Malicious code in prometheus-analysis-1 (PyPI)
MAL-2026-1908 Malicious code in prometheus-analysis-1 (PyPI)
Malicious code in prometheus-analysis (PyPI)
MAL-2026-1907 Malicious code in prometheus-analysis (PyPI)
Claude Code Security and Magecart: Getting the Threat Model Right
When a Magecart payload hides inside the EXIF data of a dynamically loaded third-party favicon, no repository scanner will catch it – because the malicious code never actually touches your repo. As teams adopt Claude Code Security for static analysis, this is the exact technical boundary where AI...
Transparent COM instrumentation for malware analysis
COM automation is a core Windows technology that allows code to access external functionality through well-defined interfaces. It is similar to traditionally loading a DLL, but is class-based rather than function-based. Many advanced Windows capabilities are exposed through COM, such as Windows...
Malicious code in bugbounty-test-123 (npm)
Source: amazon-inspector c22630300fe50578818f50f4a068d400f9e434dc0341fff5a6cd0ca63e82d5e1 The package bugbounty-test-123 was found to contain malicious code. Source: ossf-package-analysis...
PT-2026-26193
Summary: A Timing Side-Channel vulnerability exists in the requireBasicAuth function due to the use of unsafe string comparison !==. This allows an attacker to deduce the valid password character-by-character by measuring the server's response time, effectively bypassing password complexity...
aicerberus
AICerberus 🐺 AI supply chain security scanner — one comma...
Exploit for Classic Buffer Overflow in Freefloat Freefloat_Ftp_Server
CVE-2025-5548 Security research and reprod...
MAL-2026-1497 Malicious code in robloxapi-test (PyPI)
Source: kam193 ff27677fd14eddf36fd58fee0bb539ef89fd596e83450c68f8dc0436350abfd6 Installation embeds a malicious PTH file that then during import downloads and executes remote code. During analysis, the remote code was a test starting...
MAL-2026-1495 Malicious code in whatfix-icons (npm)
Source: amazon-inspector 003442c235ba313d832b958d8170e59f28d9af34abdd1f33a832c6c2cd263696 The package whatfix-icons was found to contain malicious code. Source: ossf-package-analysis...