139 matches found
Thousands of Vibe-Coded Apps Expose Corporate and Personal Data on the Open Web
Companies like Lovable, Base44, Replit, and Netlify use AI to let anyone build a web app in seconds—and in thousands of cases, spill highly sensitive data onto the public internet...
MAL-2026-2881 Malicious code in bjs-lint-builders (npm)
big.js typosquat campaign - SSH backdoor implantation, credential and crypto wallet theft --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 93ff31ee3bf86e4aecefc3ed40ae1647028f7fd482df4c617731ebfd75cad027 The package bjs-lint-builders was found to contain maliciou...
bjs-biginteger (=5.0.5) potentially affected by unknown CVE via bjs-lint-builders (=1.1.0)
bjs-lint-builders NPM version =1.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on bjs-lint-builders and may be impacted: - bjs-biginteger =5.0.5 Source cves: unknown CVE Source advisory: OSV:MAL-2026-2881...
Malicious code in bjs-lint-builders (npm)
big.js typosquat campaign - SSH backdoor implantation, credential and crypto wallet theft --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 93ff31ee3bf86e4aecefc3ed40ae1647028f7fd482df4c617731ebfd75cad027 The package bjs-lint-builders was found to contain maliciou...
Malicious Package
Overview npm-builders is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in npm-builders (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3c63391276857464ec97afe878e9a323907ccb5cc79486e5d11ce3078f2621e1 The package npm-builders was found to contain malicious code. Source: ghsa-malware 83c8c91b9b31b2f06c283e24505777cd3486a18286a6eb6a2f2b29ca2e6462e6 A...
MAL-2026-1345 Malicious code in npm-builders (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3c63391276857464ec97afe878e9a323907ccb5cc79486e5d11ce3078f2621e1 The package npm-builders was found to contain malicious code. Source: ghsa-malware 83c8c91b9b31b2f06c283e24505777cd3486a18286a6eb6a2f2b29ca2e6462e6 A...
A week in security (February 9 – February 15)
Last week on Malwarebytes Labs: How to find and remove credential-stealing Chrome extensions Fake shops target Winter Olympics 2026 fans Outlook add-in goes rogue and steals 4,000 credentials and payment data Child exploitation, grooming, and social media addiction claims put Meta on trial Apple...
Criminals are using AI website builders to clone major brands
AI tool Vercel was abused by cybercriminals to create a Malwarebytes lookalike website. Cybercriminals no longer need design or coding skills to create a convincing fake brand site. All they need is a domain name and an AI website builder. In minutes, they can clone a site's look and feel, plug i...
CVE-2025-68581
Missing Authorization vulnerability in YITHEMES YITH Slider for page builders yith-slider-for-page-builders allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YITH Slider for page builders: from n/a through = 1.0.11...
WordPress YITH Slider for page builders plugin <= 1.0.11 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin YITH Slider for page builders versions = 1.0.11...
EUVD-2025-205254
Missing Authorization vulnerability in YITHEMES YITH Slider for page builders yith-slider-for-page-builders allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YITH Slider for page builders: from n/a through = 1.0.11...
CVE-2025-68581
Missing Authorization vulnerability in YITHEMES YITH Slider for page builders yith-slider-for-page-builders allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YITH Slider for page builders: from n/a through = 1.0.11...
CVE-2025-68581 WordPress YITH Slider for page builders plugin <= 1.0.11 - Broken Access Control vulnerability
Missing Authorization vulnerability in YITHEMES YITH Slider for page builders yith-slider-for-page-builders allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YITH Slider for page builders: from n/a through = 1.0.11...
CVE-2025-68581
Technical details about CVE-2025-68581 (affected product, version, impact, and fix) are not publicly provided in the supplied documents; monitor for updates.
CVE-2025-68581 WordPress YITH Slider for page builders plugin <= 1.0.11 - Broken Access Control vulnerability
Missing Authorization vulnerability in YITHEMES YITH Slider for page builders yith-slider-for-page-builders allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YITH Slider for page builders: from n/a through = 1.0.11...
PT-2025-53269
Name of the Vulnerable Software and Affected Versions YITH Slider for page builders versions through 1.0.11 Description The software contains a missing authorization issue due to incorrectly configured access control security levels. Recommendations Update YITH Slider for page builders to a versi...
WordPress plugin YITH Slider for page builders 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
CVE-2024-58318
A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via the rich text editor component for page and form builders. Attackers can exploit this vulnerability by entering malicious URIs, potentially allowing malicious scripts to execute in...
CVE-2024-58318 Kentico Xperience <= 13.0.162 Rich Text Editor Stored XSS
A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via the rich text editor component for page and form builders. Attackers can exploit this vulnerability by entering malicious URIs, potentially allowing malicious scripts to execute in...