Lucene search
K

7 matches found

Snyk
Snyk
added 2026/06/06 9:0 p.m.10 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code containing a malicious binding.gyp file that drops and runs a self-propagating cloud secret stealer. The malicious code attempts to exfiltrate AWS, GCP, Azure, Vault, and Kubernetes credentials, as well as npm an...

9.8CVSS5.6AI score
Exploits0References2
Snyk
Snyk
added 2026/06/02 9:0 p.m.9 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code containing a malicious binding.gyp file that drops and runs a self-propagating cloud secret stealer. The malicious code attempts to exfiltrate AWS, GCP, Azure, Vault, and Kubernetes credentials, as well as npm an...

9.8CVSS5.6AI score
Exploits0References2
Snyk
Snyk
added 2026/05/18 9:0 p.m.6 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...

9.8CVSS5.9AI score
Exploits0References3
Snyk
Snyk
added 2026/05/14 2:22 p.m.13 views

Malicious Package

Overview knot-rspec-formatter-json is a malicious package. This package is part of a malicious cluster of Ruby gems published by the threat actor knot-theory. Designed to impersonate legitimate utilities, it executes a payload upon installation that harvests environment variables, SSH keys, AWS...

9.8CVSS5.8AI score
Exploits0References2
OSV
OSV
added 2024/06/17 10:30 p.m.19 views

GHSA-6GR4-52W6-VMQX rke's credentials are stored in the RKE1 Cluster state ConfigMap

Impact When RKE provisions a cluster, it stores the cluster state in a configmap called full-cluster-state inside the kube-system namespace of the cluster itself. This cluster state object contains information used to set up the K8s cluster, which may include the following sensitive data: -...

9.9CVSS9.1AI score0.00641EPSS
Exploits0References6
hivepro
hivepro
added 2023/01/18 11:51 a.m.39 views

Google Chrome Vulnerability Exposes Data of 2.5 Billion Users

Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary A vulnerability in Google Chrome could affect over 2.5 billion users. An attacker can exploit this vulnerability for the theft of sensitive files, such as crypto wallets and cloud provider...

3.1AI score
Exploits0
Imperva Blog
Imperva Blog
added 2023/01/11 1:0 p.m.54 views

Google Chrome “SymStealer” Vulnerability: How to Protect Your Files from Being Stolen

The Imperva Red Team recently disclosed a vulnerability, dubbed CVE-2022-3656, affecting over 2.5 billion users of Google Chrome and Chromium-based browsers. This vulnerability allowed for the theft of sensitive files, such as crypto wallets and cloud provider credentials. Introduction Chrome is...

9.2AI score0.01659EPSS
Exploits0
Rows per page
Query Builder