353 matches found
CVE-2024-4355
The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the stopbadbotsgetajaxdata function in all versions up to, and including, 10.23. This makes it possible for...
CVE-2023-32687
tgstation-server is a toolset to manage production BYOND servers. Starting in version 4.7.0 and prior to 5.12.1, instance users with the list chat bots permission can read chat bot connection strings without the associated permission. This issue is patched in version 5.12.1. As a workaround,...
CVE-2023-32496
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bill Minozzi Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection plugin = 7.31 versions...
CVE-2022-1165
The Blackhole for Bad Bots WordPress plugin before 3.3.2 uses headers such as CF-CONNECTING-IP, CLIENT-IP etc to determine the IP address of requests hitting the blackhole URL, which allows them to be spoofed. This could result in blocking arbitrary IP addresses, such as legitimate/good search...
CVE-2022-1801
The Very Simple Contact Form WordPress plugin before 11.6 exposes the solution to the captcha in the rendered contact form, both as hidden input fields and as plain text in the page, making it very easy for bots to bypass the captcha check, rendering the page a likely target for spam bots...
CVE-2021-25070
The Block Bad Bots WordPress plugin before 6.88 does not properly sanitise and escape the User Agent before using it in a SQL statement to record logs, leading to an SQL Injection issue...
Malicious code in node-telegram-bots-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 855eef79389ff9b44946f9ab78bd1c5458c090ebc43c875626786bb46280763a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-4186 Malicious code in node-telegram-bots-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 855eef79389ff9b44946f9ab78bd1c5458c090ebc43c875626786bb46280763a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Claude AI Exploited to Operate 100+ Fake Political Personas in Global Influence Campaign
Artificial intelligence (AI) company Anthropic has revealed that unknown threat actors leveraged its Claude chatbot for an "influence-as-a-service" operation to engage with authentic accounts across Facebook and X. The sophisticated activity, branded as financially-motivated, is said to have used i...
This ‘College Protester’ Isn’t Real. It’s an AI-Powered Undercover Bot for Cops
Massive Blue is helping cops deploy AI-powered social media bots to talk to people they suspect are anything from violent sex criminals all the way to vaguely defined “protesters.”...
Malicious code in task-bots (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware be184e51a3aa435812d643ea00fe1f17effc4e16bb86a0b71882fb61f69573fc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-3263 Malicious code in task-bots (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware be184e51a3aa435812d643ea00fe1f17effc4e16bb86a0b71882fb61f69573fc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Hi, robot: Half of all internet traffic now automated
If you sometimes feel that the internet isn't the same vibrant place it used to be, you're not alone. New research suggests that most of the traffic traversing the network isn't human at all. Bots, software programs that interact with web sites, have been ubiquitous for years. But in its 2025 Bad B...
2025 Imperva Bad Bot Report: How AI is Supercharging the Bot Threat
Bad bots continue to target organizations across every industry and geography, but the rise of Artificial Intelligence (AI) is fueling bot attacks, making them more intelligent and more evasive than ever before. For over twelve years, Imperva has been dedicated to helping organizations manage and...
How Scalping Bots Exploited a Vulnerable API to Disrupt Online Retail Sales
In the fast-paced world of online retail, where customer satisfaction and availability are paramount, a sudden attack by scalping bots can disrupt operations, inflate costs, and damage reputation. A North American Online Retailer faced a month-long bot attack that targeted their inventory system,...
CVE-2022-49063 ice: arfs: fix use-after-free when freeing @rx_cpu_rmap
In the Linux kernel, the following vulnerability has been resolved: ice: arfs: fix use-after-free when freeing @rx_cpu_rmap The CI testing bots triggered the following splat: 718.203054 BUG: KASAN: use-after-free in freeirqcpurmap+0x53/0x80 718.206349 Read of size 4 at addr ffff8881bd127e00 by task...
Snake Keylogger Variant Hits Windows, Steals Data via Telegram Bots
The New Snake Keylogger variant targets Windows users via phishing emails, using AutoIt for stealth. Learn how it…...
Malicious code in telegram-bots (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ce26b83a8f4eda763f723d82a057158e8b6265de39b789ca17e5d38884401cf8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-1444 Malicious code in telegram-bots (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ce26b83a8f4eda763f723d82a057158e8b6265de39b789ca17e5d38884401cf8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2022-36024
py-cord is an API wrapper for Discord written in Python. Bots created using py-cord version 2.0.0 are vulnerable to remote shutdown if they are added to the server with the application.commands scope without the bot scope. Currently, it appears that all public bots that use slash commands are...