Malicious code in wdb-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 146faaf0d97c6a533a969bc3f3f117811f9317dc865ed4ab37f1679842ddeaae This package was compromised as part of the IronWorm campaign. This campaign executes a malicious binary payload during installation via a...

CVE-2026-32288 vulnerabilities

Vulnerabilities for packages: nats-server, k8s-device-plugin, aws-flb-firehose, paranoia, act, cerbos, rabbitmq-messaging-topology-operator, gitaly, flux-source-controller, extism, task, chezmoi, knative-serving, rancher-fleet, knative-operator, grafana, step-ca, helm-set-status, tofu-controller,...

CVE-2026-27140 vulnerabilities

Vulnerabilities for packages: bank-vaults, protoc-gen-go-grpc, terraform-provider-random-fips, prometheus-blackbox-exporter, rancher-webhook, newrelic-infrastructure-agent-fips, velero-plugin-for-microsoft-azure-fips, knative-kafka-broker-fips, commercial-grafana, helm-fips,...

Threat Landscape of the Building and Construction Sector, Part One: Initial Access, Supply Chain, and the Internet of Things

In 2025, the construction industry stands at the crossroads of digital transformation and evolving cybersecurity risks, making it a prime target for threat actors. Cyber adversaries, including ransomware operators, organized cybercriminal networks, and state-sponsored APT groups from countries su...

EUVD-2022-6750

Malicious code in bioql PyPI...

MAL-2024-10032 Malicious code in graphcore-cloud-tools (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ac46cb60f0875363e708276c64f0c8fa73c50f57eed28170f94437a5954f89fd Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in graphcore-cloud-tools (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ac46cb60f0875363e708276c64f0c8fa73c50f57eed28170f94437a5954f89fd Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

LeakyCLI Vulnerability in Cloud Tools Puts Credentials at Risk

...

datawire-cloudtools (=0.2.6) potentially affected by CVE-2016-7036 via python-jose (=0.5.5)

python-jose PYPI version =0.5.5 is affected by a known vulnerability. The following packages have a transitive dependency on python-jose and may be impacted: - datawire-cloudtools =0.2.6 Source cves: CVE-2016-7036 Source advisory: OSV:GHSA-W799-PRG3-CX77...

How to Prevent Pwned and Reused Passwords in Your Active Directory

Many businesses are currently looking at how to bolster security across their organization as the pandemic and remote work situation continues to progress towards the end of the year. As organizations continue to implement security measures to protect business-critical data, there is an extremely...

Offensive Security Testing Using Cloud Tools

When performing offensive security testing, assessors sometimes run into issues where their source IP address gets blacklisted. For example, we might be performing a web application test and, due to the many suspicious queries being performed, our IP address is suddenly blocked. While on the...

RemoteSec: achieving on-prem security levels with cloud-based remote teams

The world of work is changing—by the minute, it feels these days. With the onset of the global coronavirus pandemic, organizations around the world are scrambling to prepare their workforce, and their infrastructure, for a landslide of remote connections. This means that the security perimeter of...