167 matches found
Metasploit Wrap-Up 01/09/2026
RISC-V Payloads This week brings more RISC-V payloads from community member bcoles. One provides a new adapter which allows RISC-V payloads to be converted to commands and delivered as a Metasploit fetch-payload. The second is a classic bind shell, offering the user interactive connectivity to th...
Friday Squid Blogging: Pilot Whales Eat a Lot of Squid
Short-finned pilot wales Globicephala macrorhynchus eat at lot of squid: To figure out a short-finned pilot whale's caloric intake, Gough says, the team had to combine data from a variety of sources, including movement data from short-lasting tags, daily feeding rates from satellite tags, body...
Malicious code in annual_nightingale_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f38759cab2230b3d7234206e9e3e2528fc1a566e7a09bb58309bf52e9b0dc5d6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in annual_cuckoo_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 651d7a1d624c621d715b9b066d0086b664f0f72bfd6e59a8d71da7b8824be2fa This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-93203
Malicious code in annualcuckooz3n npm...
Malicious code in annual_mockingbird_tan-69 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 89f9d6d99f2b19a5f8e0fee93d44a119cfeeea86bf6c4a6bc85acea9e2e37b11 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-74892
Malicious code in annualearwigteal-17 npm...
EUVD-2025-74890
Malicious code in annualwildcatamaranth-56 npm...
EUVD-2025-77448
Malicious code in annualjayyellow-85 npm...
EUVD-2025-77761
Malicious code in annualgoosez3n npm...
EUVD-2025-79808
Malicious code in annualchipmunk0xrequest npm...
EUVD-2025-65319
Malicious code in annualdinosaurrequirement npm...
Malicious code in annual_sawfish_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d05bb2d67533bcc5a1d5dd04b28299b9f6f0c20091af8d212d1c8f53c0a224f7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-87156
Malicious code in annualsawfishz3n npm...
MAL-2025-76860 Malicious code in annual_tyrannosaurus_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b44ac0b9ad1867368ab1dab2ed70ddde9da5dec359f4fd31e235d3350ec1273b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-55858
Malicious code in annual-aqua-bedbug npm...
CVE-2025-61997
OPEXUS FOIAXpress before 11.13.3.0 allows an administrative user to inject JavaScript or other content within the Annual Report Enterprise Banner image upload field. Injected content is executed in the context of other users when they generate an Annual Report. Successful exploitation allows the...
CVE-2025-61997
OPEXUS FOIAXpress before 11.13.3.0 allows an administrative user to inject JavaScript or other content within the Annual Report Enterprise Banner image upload field. Injected content is executed in the context of other users when they generate an Annual Report. Successful exploitation allows the...
CVE-2025-61996
OPEXUS FOIAXpress before 11.13.3.0 allows an administrative user to inject JavaScript or other content within the Annual Report Template. Injected content is executed in the context of other users when they generate an Annual Report. Successful exploitation allows the administrative user to perfo...
CVE-2025-61996
OPEXUS FOIAXpress before 11.13.3.0 allows an administrative user to inject JavaScript or other content within the Annual Report Template. Injected content is executed in the context of other users when they generate an Annual Report. Successful exploitation allows the administrative user to perfo...