Spyware Maker NSO Group Found Liable for Hacking WhatsApp

A judge has found that NSO Group, maker of the Pegasus spyware, has violated the US Computer Fraud and Abuse Act by hacking WhatsApp in order to spy on people using it. Jon Penney and I wrote a legal paper on the case...

Malicious code in powpeg (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 888651be4245ed94e8c3c538181c95691f87e394e03ebe7d425abd55a1f95749 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-11937 Malicious code in @metrics-service/mf-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4515e226dd4aafab225dd128f71075baadf1fc7b2176ed97b19e90ae8aadb642 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-12046 Malicious code in tiktok_embed_v2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cedd877746749d5c38833b338e2e72d91bc521f21eaa22de4fa05aca509fa7e5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in yapi-to-dts (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 19ac9578e805bf62c4ef65a0db4a50d37e5fa4953caa1e4774265c4f5d86277a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-12063 Malicious code in yapi-to-dts (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 19ac9578e805bf62c4ef65a0db4a50d37e5fa4953caa1e4774265c4f5d86277a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-12066 Malicious code in zarf-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8697bcf4cd06bebdca6e5806069048fc48ce173a5deb372b5992e95df3e0103a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-12055 Malicious code in uieyruhen (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9bf41327d08044a79de665efb499271f25d43926008abc6c34ca0de6e5827b8f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-12029 Malicious code in rafarafa_package (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fef5839fff290714b9670f7234be53a1ba5805118f3ff573e3e7340496a8c133 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-12022 Malicious code in pnpm-run (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d39da4628840938cc4d6581c772a1f0039a45ec515eb70d692ec5032b15ee087 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-12012 Malicious code in o-share (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 06086385d6d0eae5259f2f99cd6e307f57d5290aa66966c69fb517d502714d4b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-12004 Malicious code in mina-bridge (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c04fd17707294cac66886e59d347bbfcaf6ac85121c28b4b665490794f5fb861 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in internallib_v420 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 291a2b6b3559f93316c3fa8d0ab9ddf6a6417051190512d339da5b8c5e5827cf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-11993 Malicious code in iabgpp (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware edb6cda8a8bf373a6f28fe3d23c481148bad3a3d27f968fc337be3dfe4326f55 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-12054 Malicious code in uid-2-test-ts (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9f2900f53327b861bd4050d2e38c0e867e8ace72a97f5525cb74f56a7af8373e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in host-exploit (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8c88a475b723d108a1436e644b77f957b6c71df50e99efaabff655288073d99c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in healenium (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ab4597abf70195617218b4366cc4e83ea35770e784027c1909b352f258da5b8b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-12059 Malicious code in vintage-poc (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 63f6bc17c1c01e6f49a004e5384314cbf05ad37d339d259358798671c386b601 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-11989 Malicious code in grid-context (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b3f459ed60b15a8a5c508fed9f7ebd2f7707ebbb1420e814add93920322749ea Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in gft-model-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9b553d507e20e5d98f5bb1934bad6b5d49d32085028d96603c5eceb371c3851e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...