EUVD-2025-17558

Malicious code in bioql PyPI...

react-native-keys insecurely stores encryption cipher and Base64 chunks

react-native-keys 0.7.11 is vulnerable to sensitive information disclosure remote as encryption cipher and Base64 chunks are stored as plaintext in the compiled native binary. Attackers can extract these secrets using basic static analysis tools...

CVE-2025-45001

CVE-2025-45001 affects react-native-keys 0.7.11. The issue is that encryption cipher data and Base64 chunks are stored as plaintext in the compiled native binary, enabling leakage of secrets through basic static analysis. Documents consistently describe this as a remote information-disclosure vul...

PT-2025-24542 · Unknown · React-Native-Keys

Name of the Vulnerable Software and Affected Versions: react-native-keys version 0.7.11 Description: The issue concerns sensitive information disclosure, where encryption cipher and Base64 chunks are stored as plaintext in the compiled native binary. Attackers can extract these secrets using basi...

TChopper - Conduct Lateral Movement Attack By Leveraging Unfiltered Services Display Name To Smuggle Binaries As Chunks Into The Target Machine

New technique I have discovered recently and give it a nickname Chop chop to perform lateral movement using windows services display name and WMI by smuggling the malicious binary as base64 chunks and automate the process using the TChopper tool. How it works the tool will get the file you willin...