15435 matches found
MAL-2026-952 Malicious code in claud-code (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 858992810c1a4133d95b6fa19033c07591db548a46df39b67e0d393d7dd212ad The package claud-code was found to contain malicious code. Source: ghsa-malware 5fe9842d778d45ad5b5e4d81db678d608711dd4b186e053569dae6f210481651 Any...
UBUNTU-CVE-2025-71235
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Delay module unload while fabric scan in progress System crash seen during load/unload test in a loop. 105954.384919 RBP: ffff914589838dc0 R08: 0000000000000000 R09: 0000000000000086 105954.384920 R10:...
Stable Channel Update for Desktop
The Stable channel has been updated to 145.0.7632.109/110 for Windows/Mac and 145.0.7632.109 for Linux, which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log Security Fixes and Rewards Note: Access to bug details and links may be kept...
OpenClaw macOS deep link confirmation truncation can conceal executed agent message
Summary OpenClaw macOS desktop client registers the openclaw:// URL scheme. For openclaw://agent deep links without an unattended key, the app shows a confirmation dialog that previously displayed only the first 240 characters of the message, but executed the full message after the user clicked...
Malicious code in webpack-vite (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6f7b28a9002453a46c97bba5ad0790e13ba1ba656971e78de46edf6efcd53154 The package webpack-vite was found to contain malicious code. Source: ghsa-malware cd525d679fa448615bd48fe06d94f5cd6d94cb97f6ae72ae6afbb179027cce9c A...
MAL-2026-895 Malicious code in json-mapping-src (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fc958aaacb5ea616283510ccda98b0a4634c35d348eece1613366ac66ad41abb The package json-mapping-src was found to contain malicious code. Source: ghsa-malware 8e7f8a61a6a361880bea88321b1f130627266e5f1d54e8aa9d9f47d64c99db...
MAL-2026-872 Malicious code in stylelint-recommended (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d3f0d274dda57eb9c09967bc0bfad1709fd8ddcbf3ec4c0e7e9828826e6d0d9a The package stylelint-recommended was found to contain malicious code. Source: ghsa-malware...
Malicious code in systemtest-network (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f8fadd3f7e7470daeb4e977c85dbe226a9225b2c4eae6c269a4d85fc01e96681 The package systemtest-network was found to contain malicious code. Source: ghsa-malware...
MAL-2026-859 Malicious code in systemtest-network (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f8fadd3f7e7470daeb4e977c85dbe226a9225b2c4eae6c269a4d85fc01e96681 The package systemtest-network was found to contain malicious code. Source: ghsa-malware...
CVE-2025-11242
Server-Side Request Forgery SSRF vulnerability in Teknolist Computer Systems Software Publishing Industry and Trade Inc. Okulistik allows Server Side Request Forgery.This issue affects Okulistik: through 21102025...
Apple多款产品 安全漏洞
Apple iOS is an operating system developed for mobile devices. apple tvOS is an operating system for smart TVs. apple macOS is a specialized operating system developed for Mac computers. A security vulnerability exists in several Apple products that could be exploited by an attacker to disclose...
Apple macOS 安全漏洞
Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. Versions of Apple macOS Tahoe 26.3 and earlier contained a security vulnerability caused by permission issues, which could allow applications to access protected user data...
Malicious code in chai-as-approved (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f623e45c7742d5a9190e736f51777bae77297d5abeafd8c21679bd40b729034b The package chai-as-approved was found to contain malicious code. Source: ghsa-malware da0fdbfe00f6e097edd25bc90bfbac03e97c871951995b5d58f06b348d39c8...
MAL-2026-831 Malicious code in bigmathix (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b200be57a4cdb466d56397968f69dd3845955ced56c5229608dbf03762106ff9 The package bigmathix was found to contain malicious code. Source: ghsa-malware 5fce43c0e03186c2441c8a54be7cb130625459fe9179665e242f223f0c7d2944 Any...
MAL-2026-834 Malicious code in graphflowx (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f4266b530d4c7c33d31f0b615033dac2a3a57218c537f1d13449342f0fbbc29b The package graphflowx was found to contain malicious code. Source: ghsa-malware d297a9f3d4e974972015d3869473fee386c696410e1746be7088d2ad5d0bf69e Any...
MAL-2026-827 Malicious code in narrow-array (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 508eafee6916ba29ade3caf0722e7bffe693e53fa35a4e74f0dc385950778f34 The package narrow-array was found to contain malicious code. Source: ghsa-malware 8bbee1a11c9aa9d6feb751063161f9802c6245890a9764cdddf190d3357df462 A...
CVE-2025-11242
CVE-2025-11242 is a Server-Side Request Forgery (SSRF) in Okulistik by Teknolist Computer Systems Software Publishing Industry and Trade Inc., affected through 21102025. The CVSS 3.1 base score is 9.8 (CRITICAL) with NETWORK attack vector, no privileges required, no user interaction, and high imp...
MAL-2026-819 Malicious code in json-mapping-sources (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 77824e69a815d8ac27a50bb52fa0a39fe2c7e512e6597d3aefd500b0eae847e8 The package json-mapping-sources was found to contain malicious code. Source: ghsa-malware...
MAL-2026-807 Malicious code in web3-sinon (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e6990443632c3224a5e897d1747fcd76f782eda8d020447076d59cf305b03c82 The package web3-sinon was found to contain malicious code. Source: ghsa-malware 7d195e4b1eda9212f69e313de4107deae82670a9615ec25b86c8aaaf3df0e1f9 Any...
iPhone Lockdown Mode Protects Washington Post Reporter
404Media is reporting that the FBI could not access a reporter's iPhone because it had Lockdown Mode enabled: The court record shows what devices and data the FBI was able to ultimately access, and which devices it could not, after raiding the home of the reporter, Hannah Natanson, in January as...