69 matches found
One Detector Fits All: Robust and Adaptive Detection of Malicious Packages from PyPI to Enterprises
The rise of supply chain attacks via malicious Python packages demands robust detection solutions. Current approaches, however, overlook two critical challenges: robustness against adversarial source code transformations and adaptability to the varying false positive rate (FPR) requirements of...
EUVD-2019-13959
Malware in sbrugna...
Malicious code in pycrackhash (PyPI)
Source: kam193 b3323afe460298d80a354497acdd641752c5fb6bce2dce3d7e7625d7a46f1d7c When using methods from the package, it downloads obfuscated code from GitHub and puts it in multiple locations. While it appears that this code is used ...
MAL-2025-6829 Malicious code in tensorflowjs (npm)
Package is malicious due to code obfuscation, arbitrary command execution via child_process.spawn, and suspicious postinstall script...
Malicious code in loggerex (PyPI)
Source: kam193 7a27ca3e673f54a1e041d55e84b8a0e871239df2331c9a3fd1dbe20d1fa86f56 It's a clone of the "loguru" package which on import loads a second-stage script from loguru.guru. This makes a few checks and downloads the next stage, which is a...
CVE-2025-3426 Use of default hardcoded credentials
We observed that Intellispace Portal binaries don’t have any protection mechanisms to prevent reverse engineering. Specifically, the app’s code is not obfuscated, and no measures are in place to protect against decompilation, disassembly, or debugging. As a result, attackers can reverse-enginee...
Linux Distros Unpatched Vulnerability : CVE-2021-42574
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control...
CVE-2024-55907
IBM Cognos Analytics Mobile 1.1 for iOS application could allow an attacker to reverse engineer the codebase to gain knowledge about the programming technique, interface, class definitions, algorithms and functions used due to weak obfuscation...
CVE-2024-55907 IBM Cognos Mobile information disclosure
IBM Cognos Analytics Mobile 1.1 for iOS application could allow an attacker to reverse engineer the codebase to gain knowledge about the programming technique, interface, class definitions, algorithms and functions used due to weak obfuscation...
Malicious code in tiksing (PyPI)
Source: kam193 ef883e1ad19e5cbeafdda023c535abc9a14f84f81dce26e06d9f10bf77013ab5 Importing the module starts obfuscated code that downloads a well-recognized malware. In the further variations, the code that downloads and starts the maliciou...
Malicious code in rwoka (PyPI)
Source: kam193 601385385b682f6bdaa31c763e64c5fafb16f22df60acd266c9c7f23f73208ee The package contains highly obfuscated content that installs another obfuscated script, downloaded from a remote location, in the installation path of the...
Latrodectus Malware Loader Emerges as IcedID's Successor in Phishing Campaigns
Cybersecurity researchers have observed a spike in email phishing campaigns starting early March 2024 that deliver Latrodectus, a nascent malware loader believed to be the successor to the IcedID malware. "These campaigns typically involve a recognizable infection chain involving oversized...
CVE-2023-50428
In Bitcoin Core through 26.0 and Bitcoin Knots before 25.1.knots20231115, datacarrier size limits can be bypassed by obfuscating data as code (e.g., with OP_FALSE OP_IF), as exploited in the wild by Inscriptions in 2022 and 2023. NOTE: although this is a vulnerability from the perspective of the...
Code injection
In Bitcoin Core through 26.0 and Bitcoin Knots before 25.1.knots20231115, datacarrier size limits can be bypassed by obfuscating data as code (e.g., with OP_FALSE OP_IF), as exploited in the wild by Inscriptions in 2022 and 2023. NOTE: although this is a vulnerability from the perspective of the...
Bitcoin Core Security Breach
Bitcoin Core is an open source client for verifying the validity of blockchain transactions. A security vulnerability exists in Bitcoin Core versions 26.0 and earlier, and Bitcoin Knots versions prior to 25.1.knots20231115, which stems from the ability to bypass data carrier size limits by...
VulnCheck KEV: CVE-2023-50428
In Bitcoin Core through 26.0 and Bitcoin Knots before 25.1.knots20231115, datacarrier size limits can be bypassed by obfuscating data as code (e.g., with OP_FALSE OP_IF), as exploited in the wild by Inscriptions in 2022 and 2023. NOTE: although this is a vulnerability from the perspective of...
New Version of Rilide Data Theft Malware Adapts to Chrome Extension Manifest V3
Cybersecurity researchers have discovered a new version of malware called Rilide that targets Chromium-based web browsers to steal sensitive data and steal cryptocurrency. "It exhibits a higher level of sophistication through modular design, code obfuscation, adoption to the Chrome Extension...
Old certificate, new signature: Open-source tools forge signature timestamps on Windows drivers
Cisco Talos has observed threat actors taking advantage of a Windows policy loophole that allows the signing and loading of cross-signed kernel mode drivers with signature timestamp prior to July 29, 2015. Actors are leveraging multiple open-source tools that alter the signing date of kernel mode...
SUSE CVE-2021-42574
An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and...
PixPirate: New Android Banking Trojan Targeting Brazilian Financial Institutions
A new Android banking trojan has set its eyes on Brazilian financial institutions to commit fraud by leveraging the PIX payments platform. Italian cybersecurity company Cleafy, which discovered the malware between the end of 2022 and the beginning of 2023, is tracking it under the name PixPirate...