Malicious code in textwrap-toolkit-stager (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9fc85924d5672f7c91c2dd5e97c46cc48e3ae48084f906b7b0ba9d606c433fa4 On import textwraptoolkitstager, the package's init.py unconditionally fetches Python source from...

MAL-2026-5722 Malicious code in textwrap-toolkit-stager (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9fc85924d5672f7c91c2dd5e97c46cc48e3ae48084f906b7b0ba9d606c433fa4 On import textwraptoolkitstager, the package's init.py unconditionally fetches Python source from...

Malicious code in telebot-server (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3d3c49bb558149b55f90b708ff47e24f6f856a88abb4b2ed477633c3df43d4e2 The package advertises itself as a configurable Telegram bot server README and.env.example reference TELEGRAMBOTTOKEN and ALLOWEDUSERIDS, but the cod...

Malicious code in @limebike/supreme (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4f65cdcb27200e24464982c0678d9dd556342d53886e4d5378da5d9c664fe1c7 Both preinstall and postinstall lifecycle hooks in package.json execute index.js, which collects the installer's hostname, non-internal network...

Malicious code in @tallyui/database (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1d7af140ba49fc46f93bc668a317637f07fe952aa72fa5aaa3c3f16939d221ff Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in graphicsctxs (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4786ca298bffb09916e622e06411ae44cb51c842a6eb9bf7bcf445c051463888 Packages in this campaign are used to exfiltrate data from users installing code from prepared Github repositories. Packages contain code to exfiltrate files...

CVE-2018-25272 ELBA5 5.8.0 Remote Code Execution via Database Access

ELBA5 5.8.0 contains a remote code execution vulnerability that allows attackers to obtain database credentials and execute arbitrary commands with SYSTEM level permissions. Attackers can connect to the database using default connector credentials, decrypt the DBA password, and execute commands v...

MAL-2026-2211 Malicious code in @opengov/form-renderer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f6c8cb05cb54fe0f2f81f0c9a5ff43f2c4a45ab0fa31bcc1d1cade080e731c3d The package @opengov/form-renderer was found to contain malicious code. Source: ghsa-malware...

MAL-2026-2210 Malicious code in @opengov/form-builder (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 19bbc2729962e719c0df5dd96e17dd7ceb90a0a5506ebb318cc50c19b6fe8bb8 The package @opengov/form-builder was found to contain malicious code. Source: google-open-source-security...

MAL-2026-2203 Malicious code in @emilgroup/discount-sdk-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 98b66c2b21da822102c367293fd9acc95e864afb9bb8ddebcb3ac0d49ccf583e The package @emilgroup/discount-sdk-node was found to contain malicious code. Source: google-open-source-security...

EUVD-2025-208134

A flaw was found in the Red Hat Ansible Automation Platform Gateway route creation component. This vulnerability allows credential theft via the creation of misleading routes using a double-slash // prefix in the gatewaypath. A malicious or socially engineered administrator can configure a...

CVE-2025-10010

The CVE affects the CPSD CryptoPro Secure Disk: during boot, a small Linux OS validates integrity via IMA, but configuration files are not validated by IMA. This can allow an attacker with physical access to alter config files on the unencrypted partition, enabling arbitrary code execution as roo...

📄 AMSS++ 4.7 Backdoor Admin Account

AMSS++ version 4.7 has a hardcoded backdoor administrative account. Title: AMSS++ 4.7 - Backdoor Admin Account Author: indoushka Date: 2020-02-23 Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 65.032-bit Vendor : http://amssplus.ubn4.go.th/amssplusdownload/amssplus431install.ra...

CVE-2023-4467

A vulnerability was found in Poly Trio 8800 7.2.6.0019 and classified as critical. Affected by this issue is some unknown functionality of the component Test Automation Mode. The manipulation leads to backdoor. It is possible to launch the attack on the physical device. The exploit has been...

CVE-2023-53895

PimpMyLog 1.7.14 contains an improper access control vulnerability that allows remote attackers to create admin accounts without authorization through the configuration endpoint. Attackers can exploit the unsanitized username field to inject malicious JavaScript, create a hidden backdoor account,...

CVE-2025-36752

Growatt ShineLan-X communication dongle has an undocumented backup account with undocumented credentials which allows significant level access to the device, such as allowing any attacker to access the Setting Center. This means that this is effectively backdoor for all devices utilizing a Growat...

CVE-2025-36752

Growatt ShineLan-X communication dongle has an undocumented backup account with undocumented credentials which allows significant level access to the device, such as allowing any attacker to access the Setting Center. This means that this is effectively backdoor for all devices utilizing a Growat...

CVE-2025-36752 Undocumented backup Account and No Password Configuration Capability

Growatt ShineLan-X communication dongle has an undocumented backup account with undocumented credentials which allows significant level access to the device, such as allowing any attacker to access the Setting Center. This means that this is effectively backdoor for all devices utilizing a Growat...

CVE-2025-36752 Undocumented backup Account and No Password Configuration Capability

Growatt ShineLan-X communication dongle has an undocumented backup account with undocumented credentials which allows significant level access to the device, such as allowing any attacker to access the Setting Center. This means that this is effectively backdoor for all devices utilizing a Growat...

Chinese Hackers Exploit ArcGIS Server as Backdoor for Over a Year

Threat actors with ties to China have been attributed to a novel campaign that compromised an ArcGIS system and turned it into a backdoor for more than a year. The activity, per ReliaQuest, is the handiwork of a Chinese state-sponsored hacking group called Flax Typhoon , which is also tracked as...