MAL-2026-5181 Malicious code in tronlabpy3 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 71fd394fee5be8e6fe09e8fff0c645dfc2bd164506a85c077d76642c9ec86ba6 Package appears to be designed for private key exfiltration, but no known usage. The name appears to be related to the cryptocurrency TRX Tron / Tronix. Some...

Malicious code in tronlabpy3 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 71fd394fee5be8e6fe09e8fff0c645dfc2bd164506a85c077d76642c9ec86ba6 Package appears to be designed for private key exfiltration, but no known usage. The name appears to be related to the cryptocurrency TRX Tron / Tronix. Some...

MAL-2026-5178 Malicious code in tronlab (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 44a6e385a64a2319d00a77e4eb063dd97f8a54dff9df20653fec1f3c3d40ecb9 Package appears to be designed for private key exfiltration, but no known usage. The name appears to be related to the cryptocurrency TRX Tron / Tronix. Some...

Malicious code in tronlab (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 44a6e385a64a2319d00a77e4eb063dd97f8a54dff9df20653fec1f3c3d40ecb9 Package appears to be designed for private key exfiltration, but no known usage. The name appears to be related to the cryptocurrency TRX Tron / Tronix. Some...

Infostealers are becoming the go-to phishing payload

Phishing has changed. Slowly but surely, cybercriminals are turning to infostealers instead. Traditional phishing hasn't gone away. Far from it. But many attackers are no longer focused solely on tricking victims into entering usernames and passwords on fake login pages. Instead, they are using...

Cryptocurrency Widgets Pack <= 1.8.1 - SQL Injection

Cryptocurrency Widgets Pack Plugin =1.8.1 for WordPress contains an unauthenticated SQL injection caused by unsanitized user input in database queries, letting attackers execute arbitrary SQL commands, exploit requires no authentication. id: CVE-2022-44588 info: name: Cryptocurrency Widgets Pack ...

Fake BlueWallet steals passwords, accounts, and crypto from Macs

A fake website impersonating BlueWallet a real Bitcoin wallet is targeting Mac users with a simple but effective attack. BlueWallet itself has not been compromised. Instead, cybercriminals have stolen the name and branding of the legitimate Bitcoin wallet to make a malicious download appear...

MAL-2026-5086 Malicious code in polymarket-data (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a690aea77d0d48fae2a4f500f434cc5d4fb5cde042b7b902b0ee647b97921dc4 The package attempts to exfiltrate sensitive data related to cryptocurrencies and API keys, as well as establish persistence. Likely related to...

Malicious code in polymarket-data (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a690aea77d0d48fae2a4f500f434cc5d4fb5cde042b7b902b0ee647b97921dc4 The package attempts to exfiltrate sensitive data related to cryptocurrencies and API keys, as well as establish persistence. Likely related to...

Fake ChatGPT download site infects Windows and Mac users with malware

A convincing fake website is impersonating OpenAI’s ChatGPT download page and infecting visitors with malware designed to steal passwords, browser data, cryptocurrency wallets, and other sensitive information. The site, openew.app, closely mimics OpenAI’s real ChatGPT download experience and offe...

JINX-0164 Targets Cryptocurrency Firms with Fake Recruiter Lures and macOS Malware

A new campaign orchestrated by a previously undocumented threat actor has targeted cryptocurrency organizations with an aim to facilitate digital asset theft using recruitment-themed social engineering and bespoke macOS malware. "These campaigns leveraged sophisticated social engineering...

Commit to Compromise: A New Threat Actor Targeting the Cryptocurrency Industry's Software Development Infrastructure

Wiz CIRT and Wiz Research detail JINX-0164, a threat actor using LinkedIn social engineering, custom macOS malware, and CI/CD hijacking to target cryptocurrency organizations...

CVE-2026-8698

The CVE-2026-8698 affects the WordPress plugin Cryptocurrency Prijsvergelijking Widget (version 1.0). Root cause: insufficient output escaping in as_get_coin_shortcode(), which renders the 'width' (and 'height') shortcode attributes directly into the style attribute of an iframe without esc_attr(...

EUVD-2026-32055

The Cryptocurrency Prijsvergelijking Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting in version 1.0. This is due to insufficient output escaping in the asgetcoinshortcode function, which renders the 'width' and 'height' shortcode attribute directly into the style attribut...

CVE-2026-8698 Cryptocurrency Prijsvergelijking Widget <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'width' Shortcode Attribute

The Cryptocurrency Prijsvergelijking Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting in version 1.0. This is due to insufficient output escaping in the asgetcoinshortcode function, which renders the 'width' and 'height' shortcode attribute directly into the style attribut...

CVE-2026-8698 Cryptocurrency Prijsvergelijking Widget <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'width' Shortcode Attribute

The Cryptocurrency Prijsvergelijking Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting in version 1.0. This is due to insufficient output escaping in the asgetcoinshortcode function, which renders the 'width' and 'height' shortcode attribute directly into the style attribut...

WordPress plugin Cryptocurrency Prijsvergelijking Widget 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-43500

The Cryptocurrency Prijsvergelijking Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting in version 1.0. This is due to insufficient output escaping in the as get coin shortcode function, which renders the 'width' and 'height' shortcode attribute directly into the style...

MAL-2026-4286 Malicious code in polymarket-data-fetcher (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b6b5ac8b803d36ef490adff8a4d3110c4030063bbd2345e4b23d1871909638e9 The code attempts to monitor the clipboard and replace copied cryptocurrency addresses, as well as establish persistence. --- Category: MALICIOUS - The campaig...

Malicious code in polydata-analytics (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 04c2f2ae400ee7411678735073e22d4c662de5653a4add84eaca159ed0ba004a Package self-describes as a Polymarket market-data analytics tool but ships a Windows clipboard monitor src/polymarketdatafetcher/clipper/winclip.py...