MAL-2026-4534 Malicious code in color-style-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 47cf4aaa2cd7a20b222a1a4150a7b9e1f79d9b0a09c8fe4a5689e55bad9bc087 On npm install, all three lifecycle hooks preinstall, install, postinstall execute postinstall.js, which harvests installer secrets and exfiltrates...

Chinese Hackers Deploy SpiceRAT and SugarGh0st in Global Espionage Campaign

A previously undocumented Chinese-speaking threat actor codenamed SneakyChef has been linked to an espionage campaign primarily targeting government entities across Asia and EMEA Europe, Middle East, and Africa with SugarGh0st malware since at least August 2023. "SneakyChef uses lures that are...

Hackers Using New Evasive Technique to Deliver AsyncRAT Malware

A new, sophisticated phishing attack has been observed delivering the AsyncRAT trojan as part of a malware campaign that's believed to have commenced in September 2021. "Through a simple email phishing tactic with an HTML attachment, threat attackers are delivering AsyncRAT a remote access trojan...

NCH Software Express Burn Plus 4.68缓冲区溢出漏洞

NCH Software是适用于Windows和Mac OS X的音频，视频，听写，商业和计算机实用软件的厂商。 该漏洞是由于项目文件处理时的边界错误引起的，当用户打开例如特制的.EBP文件时，导致一个unicode缓冲区溢出。成功利用此漏洞可能允许执行任意代码。 0 NCH Software Express Burn Plus 4.68 目前厂商暂无提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本： http://www.nchsoftware.com/ use Cwd; use LWP::Simple; print "\n...