MAL-2026-5302 Malicious code in nhmpy (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 0b2d6b794431c52ef6b905eb676d70274a792cbca1b266a3405734a7a900860b Typosquatting package published from a compromised account with an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed usi...

NPM: Flowise: Hardcoded CORS wildcard on TTS endpoint enables cross-origin credential abuse from any webpage

NPM: Flowise: Hardcoded CORS wildcard on TTS endpoint enables cross-origin credential abuse from any webpage vulnerability discovered by ? in WordPress Npm flowise versions = 3.1.1...

GHSA-M837-XVXR-VQWG Flowise: Hardcoded CORS wildcard on TTS endpoint enables cross-origin credential abuse from any webpage

Summary The TTS generation endpoint sets Access-Control-Allow-Origin: as a hardcoded response header, independent of the server's CORS configuration. This enables any webpage to make cross-origin requests to generate speech using stored credentials. Root Cause typescript //...

CVE-2026-44873

The CVE-2026-44873 entry describes a session-management vulnerability in the AOS-8 Operating System. Affected software: AOS-8. Vulnerable condition: existing authenticated sessions are not invalidated when credentials are revoked or accounts are administratively disabled, allowing continued netwo...

Five defender priorities from the Talos Year in Review

A familiar theme in security right now is that the barrier to entry for attackers is at an all-time low. AI tools can spin up websites within minutes that can easily direct data to disposable external data stores and send alerts for new captures -- all without code. One such case was recently...

EUVD-2026-16818

Federated Learning and Interoperability Platform FLIP is an open-source platform for federated training and evaluation of medical imaging AI models across healthcare institutions. The FLIP login page in versions 0.1.1 and prior has no rate limiting or CAPTCHA, enabling brute-force and...

The Importance of Behavioral Analytics in AI-Enabled Cyber Attacks

Artificial Intelligence AI is changing how individuals and organizations conduct many activities, including how cybercriminals carry out phishing attacks and iterate on malware. Now, cybercriminals are using AI to generate personalized phishing emails, deepfakes and malware that evade traditional...

5 Best Next Gen Endpoint Protection Platforms in 2026

Discover the best next-gen endpoint protection platforms in 2026, built to detect modern threats, stop credential abuse, and secure enterprise devices...

PT-2026-1361

Name of the Vulnerable Software and Affected Versions Pterodactyl versions 1.11.11 and below Description Pterodactyl, a game server management panel, has an issue where Time-based One-Time Password TOTP can be reused during its validity window. When a user with two-factor authentication 2FA enabl...

GHSA-FW33-QPX7-RHX2 gardenctl is vulnerable to Command Injection when used with non‑POSIX shells

A security vulnerability was discovered in gardenctl when it is used with non‑POSIX shells such as Fish and PowerShell. Such setup could allow an attacker with administrative privileges for a Gardener project to craft malicious credential values in infrastructure Secret objects that break out of...

GlassWorm Returns with 24 Malicious Extensions Impersonating Popular Developer Tools

The supply chain campaign known as GlassWorm has once again reared its head, infiltrating both Microsoft Visual Studio Marketplace and Open VSX with 24 extensions impersonating popular developer tools and frameworks like Flutter, React, Tailwind, Vim, and Vue. GlassWorm was first documented in...

PT-2025-46658

Name of the Vulnerable Software and Affected Versions versions prior to 2025 affected versions not specified Description An issue exists that allows an attacker on the local network to gain access to a user account by performing an arbitrary number of authentication attempts with different...

CVE-2025-57254

An SQL injection vulnerability in user-login.php and index.php of Karthikg1908 Hospital Management System HMS 1.0 allows remote attackers to execute arbitrary SQL queries via the username and password POST parameters. The application fails to properly sanitize input before embedding it into SQL...

Year in Review: Attacks on identity and MFA

For our third focussed topic for Talos' 2024 Year in Review, we tell the story of how identity has become the pivot point for adversarial campaigns. The main themes of this story are credential abuse, Active Directory attacks, and MFA workarounds. Valid account usage was the 1 way attackers got i...

CVE-2024-42176

HCL MyXalytics is affected by concurrent login vulnerability. A concurrent login vulnerability occurs when simultaneous active sessions are allowed for a single credential allowing an attacker to potentially obtain access to a user's account or sensitive information...

MERCURY and DEV-1084: Destructive attack on hybrid environment

April 2023 update – Microsoft Threat Intelligence has shifted to a new threat actor naming taxonomy aligned around the theme of weather. MERCURY is now tracked as Mango Sandstorm and DEV-1084 is now tracked as Storm-1084. To learn more about the new taxonomy represents the origin, unique traits,...

The Prolificacy of LockBit Ransomware

Today, the LockBit ransomware is the most active and successful cybercrime organization in the world. Attributed to a Russian Threat Actor, LockBit has stepped out from the shadows of the Conti ransomware group, who were disbanded in early 2022. LockBit ransomware was first discovered in Septembe...

CVE-2022-23746

The IPsec VPN blade has a dedicated portal for downloading and connecting through SSL Network Extender SNX. If the portal is configured for username/password authentication, it is vulnerable to a brute-force attack on usernames and passwords...

CVE-2022-29050

A cross-site request forgery CSRF vulnerability in Jenkins Publish Over FTP Plugin 1.16 and earlier allows attackers to connect to an FTP server using attacker-specified credentials...

Backdoor.Win32.FTP.Ics Man-In-The-Middle

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/584bc06128469423f9e50e8a359d18acC.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.FTP.Ics Vulnerability: Port Bounce Scan MITM Description: The malware listens on TCP...