1529 matches found
Announcing Vulnerability Scanning in Wordfence CLI 2.0.1 “Voodoo Child”
Note: If you're a WordPress user, we recommend the Wordfence Security Plugin which provides a robust and complete set of security controls for WordPress websites. If you host WordPress servers and need high performance malware and vulnerability scanning on the command line, read on! Our mission at...
Trojanized PyCharm Software Version Delivered via Google Search Ads
A new malvertising campaign has been observed capitalizing on a compromised website to promote spurious versions of PyCharm on Google search results by leveraging Dynamic Search Ads. "Unbeknownst to the site owner, one of their ads was automatically created to promote a popular program for Python...
[SECURITY] Fedora 37 Update: libwebp-1.3.2-2.fc37
WebP is an image format that does lossy compression of digital photographic images. WebP consists of a codec based on VP8, and a container based on RIFF. Webmasters, web developers and browser developers can use WebP to compress, archive and distribute digital images more efficiently...
Malicious NuGet Package Targeting .NET Developers with SeroXen RAT
A malicious package hosted on the NuGet package manager for the .NET Framework has been found to deliver a remote access trojan called SeroXen RAT. The package, named Pathoschild.Stardew.Mod.Build.Config and published by a user named Disti, is a typosquat of a legitimate package called...
Malicious code in pyefflorer (PyPI)
Source: checkmarx 9db59fb1fff1df375feb9a17164f004b62a2d5fa194dcc285341536b6bfb51aa Malicious packages campaign targeting developers, payload is hidden using Steganography, exfiltrate host information...
[SECURITY] Fedora 37 Update: openmpi-4.1.4-6.fc37
Open MPI is an open source, freely available implementation of both the MPI-1 and MPI-2 standards, combining technologies and resources from several other projects (FT-MPI, LA-MPI, LAM/MPI, and PACX-MPI) in order to build the best MPI library available. A completely new MPI-2 compliant...
[SECURITY] Fedora 38 Update: openmpi-4.1.4-9.fc38
Open MPI is an open source, freely available implementation of both the MPI-1 and MPI-2 standards, combining technologies and resources from several other projects (FT-MPI, LA-MPI, LAM/MPI, and PACX-MPI) in order to build the best MPI library available. A completely new MPI-2 compliant...
Nexkey Authorization Issues Vulnerability
Nexkey is an open source, decentralized social media platform for nexryai individual developers. An authorization issue vulnerability exists in Nexkey versions prior to 12.121.9 that stems from allowing an attacker to bypass authentication to access the job queue dashboard...
Malicious code in pyhulul (PyPI)
Source: checkmarx f22a13d592f8a4de9eaf39b1c4c0c149232890e90dc5cff2988d49901d31a3e2 Malicious packages campaign targeting developers, payload is hidden using Steganography, exfiltrate host information...
MAL-2023-8576 Malicious code in pyjio (PyPI)
Source: checkmarx 26d9b6377460b59c1e31da04bf9acd401bd082c4911c43dbe41a60d55d65904a Malicious packages campaign targeting developers, payload is hidden using Steganography, exfiltrate host information...
[SECURITY] Fedora 38 Update: libwebp-1.3.2-2.fc38
WebP is an image format that does lossy compression of digital photographic images. WebP consists of a codec based on VP8, and a container based on RIFF. Webmasters, web developers and browser developers can use WebP to compress, archive and distribute digital images more efficiently...
MAL-2023-8575 Malicious code in pyioler (PyPI)
Source: checkmarx b5a0ae31e85484643163bd7b0da8800b531141a1e5d14a97f534b2bfdbefb531 Malicious packages campaign targeting developers, payload is hidden using Steganography, exfiltrate host information...
electron{22,24,25} -- Heap buffer overflow in vp8 encoding in libvpx
Electron developers report: This update fixes the following vulnerability: Security: backported fix for CVE-2023-5217...
Malicious code in pytasler (PyPI)
Source: checkmarx 9209d9bf3f5a8205e05d9cb3e590cb8ad8cdf90cedb528dd047828c38b308361 Malicious packages campaign targeting developers, payload is hidden using Steganography, exfiltrate host information...
Malicious code in pyalsogkert (PyPI)
Source: checkmarx db76c02045b01626113fc566fbbcd5f7fd5ccbd230e7e5c6dc0ed090a712c9b1 Malicious packages campaign targeting developers, payload is hidden using Steganography, exfiltrate host information...
MAL-2023-8566 Malicious code in kokokoako (PyPI)
Source: checkmarx 037e7b78b81b8740ce2627e91bec2d913cb5ef310bf3d7a80046fee57dd42162 Malicious packages campaign targeting developers, payload is hidden using Steganography, exfiltrate host information...
MAL-2023-8588 Malicious code in pytasler (PyPI)
Source: checkmarx 9209d9bf3f5a8205e05d9cb3e590cb8ad8cdf90cedb528dd047828c38b308361 Malicious packages campaign targeting developers, payload is hidden using Steganography, exfiltrate host information...
Malicious code in kokokoako (PyPI)
Source: checkmarx 037e7b78b81b8740ce2627e91bec2d913cb5ef310bf3d7a80046fee57dd42162 Malicious packages campaign targeting developers, payload is hidden using Steganography, exfiltrate host information...
CVE-2015-6964
MultiBit HD before 0.1.2 allows attackers to conduct bit-flipping attacks that insert unspendable Bitcoin addresses into the list that MultiBit uses to send fees to the developers. Attackers cannot realistically steal these fees for themselves. This occurs because there is no message authenticati...
Malicious code in pykokalalz (PyPI)
Source: checkmarx ea135d81e5fdfe2d80397f1d6a5b8d0003b8c91632b9dd89163b6b5817e3684e Malicious packages campaign targeting developers, payload is hidden using Steganography, exfiltrate host information...