MAL-2023-8007 Malicious code in @rocketrefer/admin-panel (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx cee4d7f564848bd4bb2a8a410f60f22ce1bce642072b14a97281130483c8c1a9 Malicious packages campaign since 2021 targeting developers, steals source code and secrets...

MAL-2023-8019 Malicious code in developer_backup_test524 (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx d66391b0bfaae30b4461ff1768362862ffcdeb67b1ceb87a4d9b18ec5af4b4a9 Malicious packages campaign since 2021 targeting developers, steals source code and secrets...

MAL-2023-8040 Malicious code in zip_achive_bp (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx a268db221b575c75e97a65f2a00d56b0a4ac4d14910e381fa972bf522479022f Malicious packages campaign since 2021 targeting developers, steals source code and secrets...

MAL-2023-8017 Malicious code in developer_backup_test522 (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 8b52e3ebbc9f77499af5305ed66af90a110e8aa4ae801a722309d25dfe72f01a Malicious packages campaign since 2021 targeting developers, steals source code and secrets...

Malicious code in developer_backup_test524 (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx d66391b0bfaae30b4461ff1768362862ffcdeb67b1ceb87a4d9b18ec5af4b4a9 Malicious packages campaign since 2021 targeting developers, steals source code and secrets...

MAL-2023-8021 Malicious code in developer_backup_test527 (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 873572cb006dd8216d097e1014bc26f4f54e2e57b00c4ed5db617993287c9735 Malicious packages campaign since 2021 targeting developers, steals source code and secrets...

MAL-2023-8584 Malicious code in pypiele (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx ee88c93851e948d712a89564bfc344ce19843d9b5ed8fcd696d5d530fdc59e34 Malicious packages campaign targeting developers, payload is hidden using Steganography, exfiltrate host information...

Malicious code in pypiele (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx ee88c93851e948d712a89564bfc344ce19843d9b5ed8fcd696d5d530fdc59e34 Malicious packages campaign targeting developers, payload is hidden using Steganography, exfiltrate host information...

Apple Sets New Rules for Developers to Prevent Fingerprinting and Data Misuse

Apple has announced plans to require developers to submit reasons to use certain APIs in their apps starting later this year with the release of iOS 17, iPadOS 17, macOS Sonoma, tvOS 17, and watchOS 10 to prevent their abuse for data collection. "This will help ensure that apps only use these API...

How Apple fixed what Microsoft hasn't, with Thomas Reed: Lock and Code S04E16

Earlier this month, a group of hackers was spotted using a set of malicious tools--that originally gained popularity with online video game cheaters--to hide their Windows-based malware from being detected. Sounds unique, right? Frustratingly, it isn't, as the specific security loophole that was...

MAL-2023-8012 Malicious code in b2b-canaisdigitais (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 4dc971b04d6b1823268396807c41d808cc18fd8c2b2094b5c9ee6fb342083172 Malicious packages campaign since 2021 targeting developers, steals source code and secrets Source: ghsa-malware...

Malicious code in cherry_corrupt (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx c4217ff7a5cb8b7dda2ab6a4133d37db497cd1d418337326492b177b12853636 Malicious packages campaign since 2021 targeting developers, steals source code and secrets...

MAL-2023-8014 Malicious code in cherry_corrupt (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx c4217ff7a5cb8b7dda2ab6a4133d37db497cd1d418337326492b177b12853636 Malicious packages campaign since 2021 targeting developers, steals source code and secrets...

Malicious code in tema-cnp (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx c2745cc070d505850bb1ac172e24c2433bbec8ea8b59619e7e67ecd862f10635 Malicious packages campaign since 2021 targeting developers, steals source code and secrets...

MAL-2023-8037 Malicious code in tema-cnp (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx c2745cc070d505850bb1ac172e24c2433bbec8ea8b59619e7e67ecd862f10635 Malicious packages campaign since 2021 targeting developers, steals source code and secrets...

element-web -- Cross site scripting in Export Chat feature

Matrix Developers reports: The Export Chat feature includes certain attacker-controlled elements in the generated document without sufficient escaping, leading to stored XSS...

MAL-2023-8027 Malicious code in firefly-shared-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 540259a2eb130bcb8b4596b7a6458b6290bd5dd6b8846751f0475931083f7594 Malicious packages campaign since 2021 targeting developers, steals source code and secrets Source: ghsa-malware...

MAL-2023-1135 Malicious code in chegg-contentful (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 0f294558304bba4da1c74169d026ebb78d4c1509bc734739942abe3860bc7390 Malicious packages campaign since 2021 targeting developers, steals source code and secrets Source: ossf-package-analysis...

phpmyfaq -- multiple vulnerabilities

phpmyfaq developers report: Cross Site Scripting vulnerability CSV injection vulnerability...

Internet Bug Bounty: jdbc apache airflow provider code execution vulnerability

A code execution vulnerability was discovered in the Apache Airflow JDBC Provider before version 4.0.0. The vulnerability allowed for privilege escalation by exploiting controllable parameters in the JDBC connection, enabling the execution of arbitrary Java code...