Malicious code in solidity-deploy-guard (npm)

A coordinated supply-chain attack comprising 10 npm packages published by maintainer ddjidd5640 [email protected] within a 48-hour window 2026-05-19T03:55Z – 2026-05-21T04:31Z. All packages masquerade as legitimate Web3/DeFi developer security tools MCP servers while silently exfiltrating...

Uncovering Hybrid Cloud Attacks Part 2 – The Attack

in this second part of the series, we’ll share the details of a real-world sophisticated, long-term attack in the cloud...

AMPLE BILLS 1.0 Administrative Page Disclosure

============================================================================================================================================= | Title : AMPLE BILLS v1.0 Administrative Page Disclosure Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox...

hudaallah Linker CMS 1.0 Cross Site Scripting

==================================================================================================================================== | Title : hudaallah Linker CMS v1.0 Xss Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit | |...

Protect yourself from BlackMatter ransomware: Advice issued

Despite promises made by the BlackMatter ransomware gang about which organizations and business types they would avoid, multiple US critical infrastructure entities have been targeted. Now, the Federal Bureau of Investigation FBI, in conjunction with the Cybersecurity and Infrastructure Security...

Hyperledger: Vulnerability in Private Data Endorsement Policy Management in Hyperledger Fabric 2.0

To whom it may concern, We are a research group conducting research on the Hyperledger Fabric. We find a design flaw about the endorsement policy of Private Data related transactions in Hyperledger Fabric 2.0. When private data adopts a default chaincode-level MAJORITY endorsement policy, the...

Should You Send Your Pen Test Report to the MSRC?

Every day, the Microsoft Security Response Center MSRC receives vulnerability reports from security researchers, technology/industry partners, and customers. We want those reports, because they help us make our products and services more secure. High-quality reports that include proof of concept,...

Should You Send Your Pen Test Report to the MSRC?

Every day, the Microsoft Security Response Center MSRC receives vulnerability reports from security researchers, technology/industry partners, and customers. We want those reports, because they help us make our products and services more secure. High-quality reports that include proof of concept,...

Hive 2.0 RC2 XSS / Code Execution / SQL Injection

| Title : Hive v2.0 RC2 Multi Vulnerability | Author : indoushka | email : [email protected] | Dork : "Powered by DigitalHive" | Tested on: windows 8.1 Français V.Pro | Bug : Stop Script | Download : http:///www.digitalhive.com ======================================= Stop SCript working :...

AOL File Inclusion / Cross Site Scripting

AOL File Inclusion / Cross Site ScrIpting Time-Line vulnerability ------------------------ -Multiples Security Advisories -Not Response -Not FeedBack -Not Fixed -Another Security Advisory & another.. -Not Response-Not FeedBack -Full Disclosure I. VULNERABILITY ------------------------- Title: AOL...

Obehotel CMS SQL Injection Vulnerability

Obehotel CMS suffers from denial of service, insecure transit, directory listing, and remote SQL injection vulnerabilities. OBEHOTEL Spanish CMS Blind SQLinjection / Apache httpd Remote Denial of Service / Directory Listing / Insecure transition from HTTPS to HTTP in form post I-VULNERABILITY...

FICOBank Information Disclosure / Cross Site Scripting

FICOBank Directory Listing Information Disclosure / Cross Site Scripting / Jquery Old Version Vulnerable Report-Timeline: ================ 23-08-2013 Advisory Response:"Our country does not have the same laws as their own and we do not consider to be security flaws the data you send us. Thank you...

Twitter Security Experiment Goes Live

DarkReading is reporting on the launch of a new experimental service set up to detect spam and threats on the popular Twitter microblogging service. The experiment, called TwiGUARD, lets Twitter users check if a follower is a spammer or if a link embedded in a tweet is malicious. From the article...

Remote Denial Of Service -- NetWare 5.0 with SP 5

Remote Denial Of Service -- NetWare 5.0 with SP 5 -------------------------------------------------------------- I encounter a buffer overflow bug in NetWare 5.0 with service pack 5. After few minutes after the attack server issue a memory allocation error. 10-07-2000 12:29:53 pm: SERVER-5.0-4631...