MAL-2023-8032 Malicious code in olymptrade (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 980d1b05adbe09f084ff3a74bbcdf8e7b12c80d99842d8caf74bb22009af6e38 Malicious packages campaign since 2021 targeting developers, steals source code and secrets...

MAL-2023-7937 Malicious code in hh-dep-monitoring (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx ac7b27f86bac41db082963b72360f1c159fa5ecbaf4a72d766ae92548df697f3 Malicious packages campaign since 2021 targeting developers, steals source code and secrets Source: ghsa-malware...

MAL-2023-7939 Malicious code in orbitplate (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx df1bde52050b0c84fcf4221afb1f77445edcbfc7e307f2eaf54fb104ce916f06 Malicious packages campaign since 2021 targeting developers, steals source code and secrets Source: ghsa-malware...

Malicious code in olymptrade (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 980d1b05adbe09f084ff3a74bbcdf8e7b12c80d99842d8caf74bb22009af6e38 Malicious packages campaign since 2021 targeting developers, steals source code and secrets...

MAL-2023-8571 Malicious code in pyghoster (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 5dff2bd9da92b93b22c32e611a7d510147596aa9a8e0f566cb9e5b25dc8a45d3 Malicious packages campaign targeting developers, payload is hidden using Steganography, exfiltrate host information...

编号撤回

Pikachu is a web application with vulnerabilities by hanlu individual developers. The CVE number has been withdrawn...

MAL-2023-8366 Malicious code in python-aliyun-sdk-kms (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 53bdcdc5414f25435cd821a9217982c4b486c91100caa324a9c3613d4ccd8d42 Malicious Typosquatting packages campaign targeting developers, steals cloud service credentials Source: google-open-source-security...

Malicious code in ng-zulutrade-ssr (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx b7f6b1d4585de70357f4ac94823e53c6846ebaeaf161d5088e75c3fde5f7ac05 Malicious packages campaign since 2021 targeting developers, steals source code and secrets...

Moderate: python-requests security update

The python-requests package contains a library designed to make HTTP requests easy for developers. Security Fixes: python-requests: Unintended leak of Proxy-Authorization header CVE-2023-32681 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and oth...

FBI Alert: Crypto Scammers are Masquerading as NFT Developers

The U.S. Federal Bureau of Investigation FBI is warning about cyber crooks masquerading as legitimate non-fungible token NFT developers to steal cryptocurrency and other digital assets from unsuspecting users. In these fraudulent schemes, criminals either obtain direct access to NFT developer...

FBI warns users of NFT theft by malicious developers

By Waqas Cybercriminals are posing as legitimate NFT developers and employing sophisticated tactics to deceive unsuspecting victims. This is a post from HackRead.com Read the original post: FBI warns users of NFT theft by malicious developers...

Node.js: Bypass network import restriction via data URL

A security flaw in Node.js was discovered that allowed bypassing of network import restrictions. By embedding non-network imports in data URLs, arbitrary code execution was possible, compromising system security. The vulnerability was verified on various platforms and was mitigated by forbidding...

Moderate: Red Hat Security Advisory: python-requests security update

An update for python-requests is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

Malicious code in binarium-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx e6203f8ba86eed8c7eef3531a2e69f72fa4badbcd98e90b291436bf574cb24c7 Malicious packages campaign since 2021 targeting developers, steals source code and secrets...

Malicious code in developer_backup_test528 (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 97568f0e3334d6f7383a27c82a79b1e1be7654b988294006c30290011d105e55 Malicious packages campaign since 2021 targeting developers, steals source code and secrets...

EulerOS Virtualization 2.9.0 : python-cryptography (EulerOS-SA-2023-2531)

According to the versions of the python-cryptography package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected...

Malicious code in awell-libs (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx f22989168c34b37227bb7bcfe0b03c27cd141f8ec26d34a78a0c0ba06553f881 Malicious packages campaign since 2021 targeting developers, steals source code and secrets...

Malicious code in developer_backup_test527 (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 873572cb006dd8216d097e1014bc26f4f54e2e57b00c4ed5db617993287c9735 Malicious packages campaign since 2021 targeting developers, steals source code and secrets...

MAL-2023-8008 Malicious code in @rocketrefer/components (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 0c06dd93e949e2750017a45685b6d200640e259c416cb4cbc995550ea3e04ab0 Malicious packages campaign since 2021 targeting developers, steals source code and secrets...

MAL-2023-8019 Malicious code in developer_backup_test524 (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx d66391b0bfaae30b4461ff1768362862ffcdeb67b1ceb87a4d9b18ec5af4b4a9 Malicious packages campaign since 2021 targeting developers, steals source code and secrets...