MAL-2025-191769 Malicious code in jsonschemex (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 21f678f82847db32c68ab5a95a827f755d13b5d4cd371667eb584f25ed28ed01 Malicious clone of a legitimate package with hidden code that downloads the next stage scripts. Analysed payloads had just exfiltrated basic infos --- Category...

EUVD-2025-198224

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an Insecure Direct Object Reference IDOR vulnerability in the poll duplication endpoint /api/trpc/polls.duplicate allows any authenticated user to duplicate polls they do not own by modifying the pollId parameter...

Malicious code in perfviewer (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ea912a2de677fa6d9ea6dbf9a792dace4d927efd46a5cb615ba8548fec4930e8 During installation, code downloads and starts an executable and a DLL library. After starting them, files are removed from the disk. The executable has been...

MAL-2025-191754 Malicious code in hexadecpy (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e553647ff67ec6e0339b5de8038f9522494a1200e0437156eee7674d5a29ef21 Package appears to be designed for private key exfiltration, but no known usage. The name appears to be related to the cryptocurrency TRX Tron / Tronix. Some...

Automated Side-Channel Analysis of Cryptographic Protocol Implementations

We extract the first formal model of WhatsApp from its implementation by combining binary-level analysis via CryptoBap with reverse engineering via Ghidra to handle this large closed-source application. Using this model, we prove forward secrecy, identify a known clone-attack against...

MAL-2025-191841 Malicious code in python-rootpath (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 bb867560d676e7b79ce110b230906a9630feb223cbcb6072bff5a2636c60a3c7 Hidden code downloads, saves and import a remote script. The package itself is a clone of a legitimate "rootpath". At the time of analysis, the remote script d...

MAL-2025-153426 Malicious code in avminh-afinagoofssa (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f9faaac946091f5cf10be380f3dc0d47b7041ae42da4938e97f25f0b64d67460 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-124907

In the Linux kernel, the following vulnerability has been resolved: tls: wait for pending async decryptions if tlsstrpmsghold fails Async decryption calls tlsstrpmsghold to create a clone of the input skb to hold references to the memory it uses. If we fail to allocate that clone, proceeding with...

btrfs: zoned: clone zoned device info when cloning a device

...

MAL-2025-93223 Malicious code in ambitious_takin_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a734a11e404640b2733f877014f78a19d43f6983aaf1972ed8b87c3ce0356b7a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-63173 Malicious code in gita-mieaceh1-sluey (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2b4c4130fff681af93c4d203fc4300ec4caa2d697764f0d9e63f98ddc31cc992 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-50048 Malicious code in cici-kepok86-riris (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 99804c3fb076d7d0571f573376a91bb4f8011e7043514c8ed6e7403392310db1 The package cici-kepok86-riris was found to contain malicious code. This package appears to be part of the tea.xyz token reward campaign that flooded...

MAL-2025-191702 Malicious code in chromifypro (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4138883ad2e38b4a8a4353918126f4732db5f04107be0bddafc745ec97120b52 Packages silently decrypt content hidden in a dependency and load them as Python extension modules. In the first wave, those are copies of legitimate aiohttp a...

Acunetix_vulnerability_assessment_tool

Acunetixvulnerabilityassessmenttool !imagehttp...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990491)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990491 advisory. In the Linux kernel, the following vulnerability has been resolved: mm: fix unexpected zeroed page mapping with zram swap Two processes under CLONEVM cloning, user...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988915)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988915 advisory. In the Linux kernel, the following vulnerability has been resolved: mm: fix unexpected zeroed page mapping with zram swap Two processes under CLONEVM cloning, user...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989248)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989248 advisory. In the Linux kernel, the following vulnerability has been resolved: btrfs: fix abort logic in btrfsreplacefileextents Error injection testing uncovered a case where...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989114)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989114 advisory. In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Check for any of tcpbpfprots when cloning a listener A listening socket linked to a...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: arm64/ptrace: Fixed a stack-out-of-bounds read in regsgetkernelstacknth. KASAN reported a stack-out-of-bounds read in regsgetkernelstacknth. Call Trace: 97.283505 BUG: KASAN: stack-out-of-bounds in...

Malicious code in kingwork-test (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 5f5651b094b6f22f4f79f533c24bb398eb10ed340bfccdcdc75fa5dcfc98b8bf The package contains the same code to deobfuscate code as in previous packages, but the malicious code itself is missing --- Category: MALICIOUS - The campaign...