Malicious code in satisfactory_reindeer_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8d5d5c02ace91c1d0ee4f26a7dc4d0547dba771e0f788a8b954c087f841f9f64 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-55261 Malicious code in arif-toge88-sukiwir (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3ef0afc7df1b37029a7288114c208ef8f231f5fafdadbea000fc79131b3249bd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-59543 Malicious code in working_zebra_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e9bc011fa09f1347e5b42ed5c27f1e24bfaa0c45aa9ad5942e3bd331f6b32ea8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-56999 Malicious code in joko-bakwan12-sukiwir (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0845808309825994c1b18adc95af25804a1a3dd25289321fb59ea096ea78868e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

A week in security (November 3 – November 9)

Last week on Malwarebytes Labs: Malwarebytes scores 100% in AV-Comparatives Stalkerware Test 2025 Fake CAPTCHA sites now have tutorial videos to help victims install malware Hackers commit highway robbery, stealing cargo and goods Android malware steals your card details and PIN to make instant A...

Malicious code in patria-lepet37-riris (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6bebff54ccfa0b6d72ad9cbcc113274c442fce47fcdc8248fd1d7fd60fe58c50 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in nadia-asinan37-miaww (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5535a9c8f16c77d57a311260ae1914da1049abaecdee2745e95ee162e1040d44 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-51025 Malicious code in bella-dodol8-ruro (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 62a38a638662e2f9f74786179f48b83c75228086da85fcbcb614d3648c0388b4 The package bella-dodol8-ruro was found to contain malicious code. This package appears to be part of the tea.xyz token reward campaign that flooded...

Important: Red Hat Security Advisory: bind security update

An update for bind is now available for Red Hat Enterprise Linux 9.6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

Oracle Linux 8 : bind9.16 (ELSA-2025-19793)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-19793 advisory. - Prevent cache poisoning due to weak PRNG CVE-2025-40780 - Address various spoofing attacks CVE-2025-40778 Tenable has extracted the preceding...

Oracle Linux 8 : bind (ELSA-2025-19835)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-19835 advisory. - Address various spoofing attacks CVE-2025-40778 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note...

bind security update

9.16.23-31.0.1 - Fix warning when changing device file permissions Orabug: 36518580 32:9.16.23-31.2 - Replace downstream fixes with upstream changes 32:9.16.23-31.1 - Prevent cache poisoning due to weak PRNG CVE-2025-40780 - Address various spoofing attacks CVE-2025-40778...

RHEL 9 : bind (RHSA-2025:19951)

"The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:19951 advisory. BIND Berkeley Internet Name Domain is an implementation of the DNS Domain Name System protocols. BIND includes a DNS server named, which...

SUSE CVE-2025-54499

Mattermost versions 10.5.x = 10.5.10, 10.11.x = 10.11.2 fail to use constant-time comparison for sensitive string comparisons which allows attackers to exploit timing oracles to perform byte-by-byte brute force attacks via response time analysis on Cloud API keys and OAuth client secrets...

Enhancing Adversarial Robustness of IoT Intrusion Detection Via SHAP-Based Attribution Fingerprinting

The rapid proliferation of Internet of Things IoT devices has transformed numerous industries by enabling seamless connectivity and data-driven automation. However, this expansion has also exposed IoT networks to increasingly sophisticated security threats, including adversarial attacks targeting...

Exploit for OS Command Injection in Vsftpd_Project Vsftpd

Task-4-Exploitation-System-Security Internship: ApexPlanet —...

Quantifying the Risk of Transferred Black Box Attacks

Neural networks have become pervasive across various applications, including security-related products. However, their widespread adoption has heightened concerns regarding vulnerability to adversarial attacks. With emerging regulations and standards emphasizing security, organizations must...

demo_web_attacks

demowebatta...

Security update for bind

This update for bind fixes the following issues: CVE-2025-40778: Address various spoofing attacks bsc1252379. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for yo...

SUSE-SU-2025:3976-1 Security update for bind

This update for bind fixes the following issues: - CVE-2025-40778: Address various spoofing attacks bsc1252379...