70 matches found

Snyk
added 2026/05/12 9:19 a.m. | 6 views

Exposed Dangerous Method or Function

Overview: webpack-dev-server uses webpack with a development server that provides live reloading. It should be used for development only. Affected versions of this package are vulnerable to Exposed Dangerous Method or Function in Server.js, when handling non-HTTPS responses. An attacker can...

6.5 CVSS | 5.8 AI score | 0.00106 EPSS
Exploits: 1 | References: 2
Wired Threat Level
added 2026/04/04 10:30 a.m. | 1 views

Hackers Are Posting the Claude Code Leak With Bonus Malware

Plus: The FBI says a recent hack of its wiretap tools poses a national security risk, attackers stole Cisco source code as part of an ongoing supply chain hacking spree, and more...

6 AI score
Exploits: 0
HackRead
added 2026/04/01 3:13 p.m. | 1 views

Anthropic Leaks 512,000 Lines of Claude AI Code in Major Blunder

Human error exposed 512,000+ lines of Anthropic Claude AI Code, revealing KAIROS and Capybara secrets, pushing users to switch to the Native Installer...

5.9 AI score
Exploits: 0
The Hacker News
added 2026/04/01 6:12 a.m. | 2 views

Claude Code Source Leaked via npm Packaging Error, Anthropic Confirms

Anthropic on Tuesday confirmed that internal code for its popular artificial intelligence (AI) coding assistant, Claude Code, had been inadvertently released due to a human error. "No sensitive customer data or credentials were involved or exposed," an Anthropic spokesperson said in a statement...

6.1 AI score
Exploits: 0
The Hacker News
added 2026/01/19 6:53 a.m. | 7 views

Security Bug in StealC Malware Panel Let Researchers Spy on Threat Actor Operations

Cybersecurity researchers have disclosed a cross-site scripting (XSS) vulnerability in the web-based control panel used by operators of the StealC information stealer, allowing them to gather crucial insights on one of the threat actors using the malware in their operations. "By exploiting it, we...

5.8 AI score
Exploits: 0
RedhatCVE
added 2025/12/15 8:25 a.m. | 5 views

CVE-2025-55183

A flaw was found in React Server Components (RSC). This vulnerability allows an information leak, where a specifically crafted HTTP (Hypertext Transfer Protocol) request to a vulnerable Server Function can unsafely return its source code. Exploitation requires a Server Function that explicitly or...

5.3 CVSS | 6.5 AI score | 0.26306 EPSS
Exploits: 7 | References: 5
CVE
added 2025/11/03 4:2 a.m. | 7 views

CVE-2025-12616

PHPGurukul News Portal 1.0 contains an information disclosure flaw in an unknown function of /onps/settings.py. Manipulation can insert sensitive data into debugging code, enabling remote exploitation. The vulnerability is exploitable remotely, with high attack complexity, and public exploit avai...

6.3 CVSS | 4.3 AI score | 0.00053 EPSS
Exploits: 1 | References: 5 | Affected Software: 1
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2019-8562

Malware in sbrugna...

7.5 CVSS | 7.6 AI score | 0.00316 EPSS
Exploits: 1 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2019-0551

Malware in sbrugna...

5.8 CVSS | 5 AI score | 0.06347 EPSS
Exploits: 4 | References: 6
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2023-39050

Malicious code in bioql (PyPI)...

4.4 CVSS | 5.1 AI score | 0.00024 EPSS
Exploits: 0 | References: 2
Tenable Nessus
added 2025/08/30 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2023-3413

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions...

7.5 CVSS | 7.2 AI score | 0.00221 EPSS
Exploits: 0 | References: 2
The Hacker News
added 2025/08/16 10:41 a.m. | 15 views

ERMAC V3.0 Banking Trojan Source Code Leak Exposes Full Malware Infrastructure

Cybersecurity researchers have detailed the inner workings of an Android banking trojan called ERMAC 3.0, uncovering serious shortcomings in the operators' infrastructure. "The newly uncovered version 3.0 reveals a significant evolution of the malware, expanding its form injection and data theft...

7.7 AI score
Exploits: 0
The Hacker News
added 2025/06/02 3:12 p.m. | 8 views

Preinstalled Apps on Ulefone, Krüger&Matz Phones Let Any App Reset Device, Steal PIN

Three security vulnerabilities have been disclosed in preloaded Android applications on smartphones from Ulefone and Krüger&Matz that could enable any app installed on the device to perform a factory reset and encrypt an application. A brief description of the three flaws is as follows -...

8.3 CVSS | 7.4 AI score | 0.00116 EPSS
Exploits: 0
CNNVD
added 2025/05/30 12:0 a.m. | 3 views

Next.js Security Vulnerability

Next.js is a React framework open-sourced by Vercel. A security vulnerability exists in versions of Next.js prior to 13.0 through 15.2.2, which stems from a possible source code leak when the App Router is enabled on the development server...

4.3 CVSS | 8.9 AI score | 0.00101 EPSS
Exploits: 0 | References: 3
RedhatCVE
added 2025/05/22 5:2 p.m. | 5 views

CVE-2020-29041

A misconfiguration in Web-Sesame 2020.1.1.3375 allows an unauthenticated attacker to download the source code of the application, facilitating its comprehension (code review). Specifically, JavaScript source maps were inadvertently included in the production Webpack configuration. These maps contai...

5.3 CVSS | 7.2 AI score | 0.00704 EPSS
Exploits: 1
RedhatCVE
added 2025/05/22 4:13 a.m. | 7 views

CVE-2019-1010294

Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Rounding error. The impact is: Potentially leaking code and/or data from previous Trusted Application. The component is: optee_os. The fixed version is: 3.4.0 and later...

7.5 CVSS | 7.2 AI score | 0.00316 EPSS
Exploits: 0 | References: 1
NVD
added 2025/04/21 2:15 p.m. | 8 views

CVE-2025-43916

Sonos api.sonos.com through 2025-04-21, when the /login/v3/oauth endpoint is used, accepts a redirect_uri containing userinfo in the authority component, which is not consistent with RFC 6819 section 5.2.3.5. An authorization code may be sent to an attacker-controlled destination. This might have...

3.4 CVSS | 0.00238 EPSS
Exploits: 0 | References: 1
HackRead
added 2025/04/15 7:39 p.m. | 164 views

4chan Breached? Hacker from Rival Soyjak Forum Claims Source Code Leak

UPDATE: Hackread.com has reviewed internal Discord chat logs from 4chan's Discord server, which confirm the breach...

7.3 AI score
Exploits: 0
CVE
added 2025/04/03 4:48 p.m. | 60 views

CVE-2025-32054

CVE-2025-32054 affects JetBrains IntelliJ IDEA prior to 2024.3, including 2024.2.4. The issue is a logging vulnerability where source code could be written to the idea.log file, potentially exposing sensitive information. The root cause is that certain source code content is logged during normal ...

3.3 CVSS | 7.3 AI score | 0.00002 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
CNNVD
added 2025/02/28 12:0 a.m. | 2 views

SysPass Security Vulnerability

SysPass is a system password manager by RubénD Personal Developer. A security vulnerability exists in SysPass version 3.2.x. The vulnerability stems from the file upload feature not handling special characters correctly, resulting in a source code leak...

6.5 CVSS | 7.2 AI score | 0.00077 EPSS
Exploits: 1 | References: 3