126 matches found
MAL-2026-4413 Malicious code in @onerjs/serializers (npm)
Source: amazon-inspector 729400f12e8686271847d4633518c63363e156c251d18ede6f1d2e947aa2c0e0 This package replicates the public API of @babylonjs/serializers and ships its source verbatim, but rewrites every internal import from @babylonjs/co...
WhatsApp Alerts 200 Users After Fake iOS App Installed Spyware; Italian Firm Faces Action
Meta-owned messaging platform WhatsApp said it alerted about 200 users who were tricked into installing a bogus version of its iOS app that was infected with spyware. According to reports from Italian newspaper La Repubblica and news agency ANSA, the vast majority of the targets are located in...
K000159681: Credential harvesting campaign targeting F5 VPN users
On January 13, 2026, researchers identified a large-scale credential harvesting campaign targeting several VPN providers, including F5. The threat actors behind the campaign registered numerous doppelgänger domains designed to mimic legitimate F5 domains. These domains are used to deceive victims...
Exposing Vulnerabilities in Counterfeit Prevention Systems Utilizing Physically Unclonable Surface Features
Counterfeit products pose significant risks to public health and safety through infiltrating untrusted supply chains. Among numerous anti-counterfeiting techniques, leveraging inherent, unclonable microscopic irregularities of paper surfaces is an accurate and cost-effective solution. Prior work ...
Why it matters when your online order is drop-shipped
Online shopping has never been easier. A few clicks can get almost anything delivered straight to your door, sometimes at a surprisingly low price. But behind some of those deals lies a fulfillment model called drop-shipping. It's not inherently fraudulent, but it can leave you disappointed,...
MAL-2025-179470 Malicious code in anabuyi-inupabubava-ninni (npm)
Source: amazon-inspector 4c23ab30f7921eae6e4a601831378c23f58edb9fa39bb3efef92ed16825e2f98 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in kapvino-soni-farvadvi (npm)
Source: amazon-inspector b4d9eec3c8383412bad75c82dfea73ac69790d96b0ea5bc2a6438d1b569950e9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-152138 Malicious code in akabia-aligama-aiava (npm)
Source: amazon-inspector b603023b3a95ac716bfc0052ab74d25ef9964cac3f2548e07ce849a856c221f7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-158537 Malicious code in lookingan-namakiki28 (npm)
Source: amazon-inspector b7d3bf05eb4fdaa32134dcd74d99d37a0c98ed39f0b531c4b9ae1899b7c66fc1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in tailwindcss-playwright-lacerta-hapi (npm)
Source: amazon-inspector 1208ff45dd006a097793072c093d443a2de50d88981ecb93b4111e96b46ba2c0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-139062 Malicious code in tart-moccasin-sheep (npm)
Source: amazon-inspector 863d5e0a7c3f3ed55de4f449b0b715916e1f5160bb989ea4d1065ef4bd24ea39 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-116897 Malicious code in rudi-lodeh56-miaww (npm)
Source: amazon-inspector 0d1e8b2ec72b29b35cb554ebfb31e56a00bf82f8b2c11995ca6691104cc24d50 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-106132 Malicious code in naked_falcon_0xrequest (npm)
Source: amazon-inspector 81f8855a2f73664467fee3a222342ae5ed528efced12304b9486cdcf7ca9834d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-106919 Malicious code in partial_rook_0xrequest (npm)
Source: amazon-inspector 28d272e98cea6aad70ab590160de1629b8d5475fea03cca8f49ff979cb1bc53c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-100240 Malicious code in candra-sasag25-ruro (npm)
Source: amazon-inspector e665e46b7cbb0f4c4e3f0315681447a692dd7f6ea6835416a7c33582ea51c6df This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in kresna-soto66-breki (npm)
Source: amazon-inspector 5d00df64ccb1a14f2bd643edb7ddddaa0ab943584c3c0126e593b215ea2fb83c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
CVE-2025-48428
Cleartext Storage of Sensitive Information (CWE-312) in the Gallagher Morpho integration could allow an authenticated user with access to the Command Centre Server to export a specific signing key while in use, allowing them to deploy a compromised or counterfeit device on that site. This issue...
EUVD-2025-35648
Cleartext Storage of Sensitive Information (CWE-312) in the Gallagher Morpho integration could allow an authenticated user with access to the Command Centre Server to export a specific signing key while in use, allowing them to deploy a compromised or counterfeit device on that site. This issue...
EUVD-2022-3562
Malicious code in bioql PyPI...