305 matches found
Compromised tag of intercom-php published via GitHub
Impact On April 30, 2026, a malicious commit was pushed to the intercom/intercom-php repository and tagged as version 5.0.2, using a compromised service account github-management-service. This occurred as part of the same supply chain attack that affected intercom-client on npm. The malicious...
Malicious code in sf-vmeval-requests (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 a8fa27c8dc6bf13a4f5d92f14414a4f5efc08c1df7f33591a010b4f824e84bc1 During import package exfiltrates the environment variables and cloud credentials/tokens to a hardcoded location. --- Category: MALICIOUS - The campaign has...
MAL-2026-3242 Malicious code in sf-vmeval-requests (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 a8fa27c8dc6bf13a4f5d92f14414a4f5efc08c1df7f33591a010b4f824e84bc1 During import package exfiltrates the environment variables and cloud credentials/tokens to a hardcoded location. --- Category: MALICIOUS - The campaign has...
[SECURITY] Fedora 44 Update: openbao-2.5.3-1.fc44
Openbao secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Openbao handles leasing, key revocation, key rolling, and auditing. Through a unified API, us ers can access an encrypted Key/Value store and network...
New Python Backdoor Uses Tunneling Service to Steal Browser and Cloud Credentials
Cybersecurity researchers have disclosed details of a stealthy Python-based backdoor framework called DEEPDOOR that comes with capabilities to establish persistent access and harvest a wide range of sensitive information from compromised hosts. "The intrusion chain begins with execution of a batc...
MAL-2026-3157 Malicious code in apple-internal-auth-v3 (npm)
Malicious npm package published by threat actor "raya4321" as part of a coordinated typosquatting campaign impersonating Apple internal infrastructure services authentication, PKI, telemetry, CloudKit, and cloud infrastructure. All packages in this campaign execute credential-theft payloads durin...
Malicious code in sf-th-requests (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 3a4508be29963ffe0a2d8b245449cf80873bdd6037c226e94ff99d9937566c7d During import package exfiltrates the environment variables and cloud credentials/tokens to a hardcoded location. --- Category: MALICIOUS - The campaign has...
MAL-2026-3135 Malicious code in sf-th-requests (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 3a4508be29963ffe0a2d8b245449cf80873bdd6037c226e94ff99d9937566c7d During import package exfiltrates the environment variables and cloud credentials/tokens to a hardcoded location. --- Category: MALICIOUS - The campaign has...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.28 contained security vulnerabilities. These vulnerabilities stemmed from environmental variable cleanup issues, where GITTEMPLATEDIR and AWSCONFIGFILE were not protected...
EUVD-2026-21364
Juju: CloudSpec method leaking cloud credentials...
Improper Authorization
Overview Affected versions of this package are vulnerable to Improper Authorization via the CloudSpec method on the Controller facade. An attacker can obtain sensitive cloud credentials by making an authenticated API call with only basic login permissions, without requiring elevated privileges...
Juju: CloudSpec method leaking cloud credentials
Impact If a user has login permission to a controller and knows the controller model UUID, they can call the CloudSpec method on the Controller facade and get cloud credentials used to bootstrap the controller. The CloudSpec API is called by workers running in the controller to maintain connectio...
GHSA-W5FQ-8965-C969 Juju: CloudSpec method leaking cloud credentials
Impact If a user has login permission to a controller and knows the controller model UUID, they can call the CloudSpec method on the Controller facade and get cloud credentials used to bootstrap the controller. The CloudSpec API is called by workers running in the controller to maintain connectio...
CVE-2026-5412
In Juju versions prior to 2.9.57 and 3.6.21, an authorization issue exists in the Controller facade. An authenticated user can call the CloudSpec API method to extract the cloud credentials used to bootstrap the controller. This allows a low-privileged user to access sensitive credentials. This...
CVE-2026-5412
In Juju versions prior to 2.9.57 and 3.6.21, an authorization issue exists in the Controller facade. An authenticated user can call the CloudSpec API method to extract the cloud credentials used to bootstrap the controller. This allows a low-privileged user to access sensitive credentials. This...
CVE-2026-5412 Juju CloudSpec API could leak senstive information
In Juju versions prior to 2.9.57 and 3.6.21, an authorization issue exists in the Controller facade. An authenticated user can call the CloudSpec API method to extract the cloud credentials used to bootstrap the controller. This allows a low-privileged user to access sensitive credentials. This...
CVE-2026-5412 Juju CloudSpec API could leak senstive information
In Juju versions prior to 2.9.57 and 3.6.21, an authorization issue exists in the Controller facade. An authenticated user can call the CloudSpec API method to extract the cloud credentials used to bootstrap the controller. This allows a low-privileged user to access sensitive credentials. This...
PYSEC-2026-202
An issue was discovered in OpenStack Keystone 14 through 26 before 26.1.1, 27.0.0, 28.0.0, and 29.0.0. Restricted application credentials can create EC2 credentials. By using a restricted application credential to call the EC2 credential creation API, an authenticated user with only a reader role...
CVE-2026-33551
An issue was discovered in OpenStack Keystone 14 through 26 before 26.1.1, 27.0.0, 28.0.0, and 29.0.0. Restricted application credentials can create EC2 credentials. By using a restricted application credential to call the EC2 credential creation API, an authenticated user with only a reader role...
UBUNTU-CVE-2026-33551
An issue was discovered in OpenStack Keystone 14 through 26 before 26.1.1, 27.0.0, 28.0.0, and 29.0.0. Restricted application credentials can create EC2 credentials. By using a restricted application credential to call the EC2 credential creation API, an authenticated user with only a reader role...