EUVD-2025-29226
Malicious code in bioql PyPI...
CVE-2025-59162
color-convert provides plain color conversion functions in JavaScript. On 8 September 2025, the npm publishing account for color-convert was taken over after a phishing attack. Version 3.1.1 was published, functionally identical to the previous patch version, but with a malware payload added...
CVE-2025-59331
is-arrayish checks if an object can be used like an Array. On 8 September 2025, an npm publishing account for is-arrayish was taken over after a phishing attack. Version 0.3.3 was published, functionally identical to the previous patch version, but with a malware payload added attempting to...
CVE-2025-59330 error-ex@1.3.3 contains malware after npm account takeover
error-ex allows error subclassing and stack customization. On 8 September 2025, an npm publishing account for error-ex was taken over after a phishing attack. Version 1.3.3 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect...
CVE-2025-59330
The CVE-2025-59330 entry concerns the npm package error-ex. A phishing-driven takeover of its publishing account led to version 1.3.3 containing a malware payload that attempts to redirect cryptocurrency transactions from browser environments (e.g., MetaMask) to attacker addresses. Local/server/...
CVE-2025-59162 color-convert@3.1.1 contains malware after npm account takeover
color-convert provides plain color conversion functions in JavaScript. On 8 September 2025, the npm publishing account for color-convert was taken over after a phishing attack. Version 3.1.1 was published, functionally identical to the previous patch version, but with a malware payload added...
CVE-2025-59144 debug@4.4.2 contains malware after npm account takeover
debug is a JavaScript debugging utility. On 8 September 2025, the npm publishing account for debug was taken over after a phishing attack. Version 4.4.2 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency...
CVE-2025-59144
CVE-2025-59144 concerns the npm package debug. On 8 Sep 2025, the npm publishing account was taken over via phishing and version 4.4.2 was published with a malware payload that attempts to redirect cryptocurrency transactions in browser environments (e.g., via direct script inclusion or bundlers...
CVE-2025-59143 color@5.0.1 contains malware after npm account takeover
color is a JavaScript color conversion and manipulation library. On 8 September 2025, the npm publishing account for color was taken over after a phishing attack. Version 5.0.1 was published, functionally identical to the previous patch version, but with a malware payload added attempting to...
CVE-2025-59141 simple-swizzle@0.2.3 contains malware after npm account takeover
simple-swizzle swizzles function arguments. On 8 September 2025, the npm publishing account for simple-swizzle was taken over after a phishing attack. Version 0.2.3 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect...
CVE-2025-59140 backslash@0.2.1 contains malware after npm account takeover
backslash parses collected strings with escapes. On 8 September 2025, the npm publishing account for backslash was taken over after a phishing attack. Version 0.2.1 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect...
AEgir Information Disclosure Vulnerability (CNVD-2020-31168)
AEgir is a JavaScript project automation build package from Protocol Labs. An information disclosure vulnerability exists in aegir publish and aegir build in AEgir versions from 21.7.0 up to, but not including, 21.10.1. An attacker can use this vulnerability to obtain information about...
Firefox security bug (proxy-bypass) in current Tor BBs
https://blog.torproject.org/blog/firefox-security-bug-proxy-bypass-current-tbbs "A user has discovered a severe security bug in Firefox related to websockets bypassing the SOCKS proxy DNS configuration. This means when connecting to a websocket service, your Firefox will query your local DNS...