MAL-2026-5716 Malicious code in beamz (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c380f1f0fc3c5cf723cd7d92bf41c30f622aafaa633a32f0a78bf91a3a769d2a The package advertises itself as a credential-transfer CLI but implements transfer by reading the user's Anthropic Claude Code credentials...

Malicious code in polymarket-ai-agent (npm)

A coordinated supply-chain attack comprising 9 npm packages published by maintainer polymarketdev GitHub actor texsellix, repo texsellix/polymarket-trading-bot within a 2-minute window on 2026-05-20T23:30Z–23:32Z. All packages masquerade as legitimate Polymarket CLOB trading tools while...

Malicious code in polymarket-terminal (npm)

A coordinated supply-chain attack comprising 9 npm packages published by maintainer polymarketdev GitHub actor texsellix, repo texsellix/polymarket-trading-bot within a 2-minute window on 2026-05-20T23:30Z–23:32Z. All packages masquerade as legitimate Polymarket CLOB trading tools while...

Malicious code in polymarket-auto-trade (npm)

A coordinated supply-chain attack comprising 9 npm packages published by maintainer polymarketdev GitHub actor texsellix, repo texsellix/polymarket-trading-bot within a 2-minute window on 2026-05-20T23:30Z–23:32Z. All packages masquerade as legitimate Polymarket CLOB trading tools while...

Malicious code in @by-device/fingerprint (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a0b58f4a1374ff973bdb10f587a6d3bc80207b12a8a85a4edc4f3db66139847f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2023-38299

Various software builds for the AT&T Calypso, Nokia C100, Nokia C200, and BLU View 3 devices leak the device IMEI to a system property that can be accessed by any local app on the device without any permissions or special privileges. Google restricted third-party apps from directly obtaining...

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Treck Tcp\/Ip

Treck20-Related PoC for CVE-2020-11896 Treck TCP/IP stack and...

Digital Doppelgangers

Carding exists for over 20 years. And it is not dead yet. It is alive, and even more – it is being actively developed by cybercriminals. The "good" old method of entering stolen credit card information into online store forms to buy goods and services or using online payment system accounts for t...

IoT-Home-Guard - A Tool For Malicious Behavior Detection In IoT Devices

IoT-Home-Guard is a project to help people discover malware in smart home devices. For users the project can help to detect compromised smart home devices. For security researchers it is also useful in network analysis and malicious hehaviors detection. In July 2018 we had completed the first...

Jenkins 低权限用户 API 服务调用 可致远程命令执行

漏洞演示 将 Jenkins 跑起来后，在低权限用户下构造 XML 文档： hashCode open /Applications/Calculator.app false 0 0 0 start 1 发送 Payload 至接口 http://...:8080/jenkins/createItem?name=knownsec： 成功后服务端会运行 计算器 程序。 漏洞影响 影响版本： 1.650 （1.650版本已修复该问题） 从zoomeye.org上搜索设备指纹“Jenkins” 从搜索的结果来看，约存在20000个潜在受到影响的目标。 相关链接...

Rogue Wi-Fi Access Point: 3vilTwinAttacker

This tool create an rogue Wi-Fi access point , purporting to provide wireless Internet services, but snooping on the traffic 3vilTwinAttacker is security tool that provide the Rogue access point to Man-In-The-Middle and network attacks. purporting to provide wireless Internet services, but snoopi...

3vilTwinAttacker - Create Rogue Wi-Fi Access Point and Snooping on the Traffic

This tool create an rogue Wi-Fi access point , purporting to provide wireless Internet services, but snooping on the traffic. Software dependencies: Recommended to use Kali linux. Ettercap. Sslstrip. Airbase-ng include in aircrack-ng. DHCP. Nmap. Install DHCP in Debian-based Ubuntu $ sudo apt-get...