14 matches found
Malicious code in donuts.node (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9bd852600a317ae1df99af9e6cede53d3f54d36b9a400ca672eff6a7146818a1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-41277 Malicious code in donuts.node (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9bd852600a317ae1df99af9e6cede53d3f54d36b9a400ca672eff6a7146818a1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in donuts.node-build (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 6b8d6fee5827de9688cc9b83812dc32e54e33531a0bd2fd179dc3e2935564dc7 The OpenSSF Package Analysis project identified 'donuts.node-build' @ 99.99.104 npm as malicious. It is considered malicious because: - The...
Malicious Package
Overview donuts.node-build is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package...
Malicious code in donuts.node-remote (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 589d937e738773f2893caf9608e4b93c3616dad1f93e5d6dc62834864e46182e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious Package
Overview donuts.node-weak is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package...
Wake me up till SAS summit ends
What do cyberthreats, Kubernetes and donuts have in common – except that all three end in "ts", that is? All these topics will be mentioned during the new SAS@Home online conference, scheduled for September 28th-29th, 2021. To be more specific, there will be a workshop titled, "Prevent & Detect...
donuts.domains Improper Access Control vulnerability OBB-1424650
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
A week in security (September 23 – 29)
Last week on Labs, we highlighted an Emotet campaign using Snowden’s new book as a lure, discussed how 15,000 webcams are vulnerable to attack, how insurance data security laws skirt political turmoil, and how the new iOS exploit checkm8 allows permanent compromise of iPhones. Other cybersecurity...
Double-Stuffed: Dunkin’ Hit by Another Credential-Stuffing Attack
Dunkin’ Donuts may have just launched its first double-filled doughnut, but another doubling up is not quite as tasty. The chain has suffered its second credential-stuffing attack in three months. Like the first incident, the attack targeted pastry aficionados that have DD Perks accounts, which i...
Dunkin Donuts Perks loyalty data breach: Change your password
By Waqas Dunkin Donuts says it has suffered a data breach in which customer data of its DD Perks loyalty program may have been stolen - The DD Perk is a reward program for the company's regular customers. According to a now-inaccessible security advisory, Dunkin Donuts stated that the data breach...
Hackers Breach Dunkin' Donuts Accounts in Credential Stuffing Attack
A credential stuffing attack has allowed hackers to take a big bite out of Dunkin’ Donuts customer data. The donut giant announced Tuesday evening that a data breach in October may have led to customers’ personal information being compromised. Dunkin’ Brands Inc. in an advisory posted to its...
Fairy Donuts Make & Bake - Customized SSL, Dangerous filesystem permissions, Hardcoded secrets vulnerabilities
HackApp vulnerability scanner discovered that application Fairy Donuts Make & Bake published at the 'play' market has multiple vulnerabilities...
Eat All The Donuts - Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Eat All The Donuts published at the 'play' market has multiple vulnerabilities...