Lucene search
K

14 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/23 9:13 a.m.3 views

Malicious code in donuts.node (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9bd852600a317ae1df99af9e6cede53d3f54d36b9a400ca672eff6a7146818a1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSV
OSV
added 2025/08/23 9:13 a.m.4 views

MAL-2025-41277 Malicious code in donuts.node (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9bd852600a317ae1df99af9e6cede53d3f54d36b9a400ca672eff6a7146818a1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2023/04/29 1:25 a.m.9 views

Malicious code in donuts.node-build (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 6b8d6fee5827de9688cc9b83812dc32e54e33531a0bd2fd179dc3e2935564dc7 The OpenSSF Package Analysis project identified 'donuts.node-build' @ 99.99.104 npm as malicious. It is considered malicious because: - The...

7.1AI score
Exploits0References1
Snyk
Snyk
added 2023/03/01 8:18 a.m.4 views

Malicious Package

Overview donuts.node-build is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package...

9.8CVSS7.1AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2023/01/09 1:49 a.m.5 views

Malicious code in donuts.node-remote (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 589d937e738773f2893caf9608e4b93c3616dad1f93e5d6dc62834864e46182e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
Snyk
Snyk
added 2022/08/10 8:6 a.m.1 views

Malicious Package

Overview donuts.node-weak is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package...

9.8CVSS7.1AI score
Exploits0References3
Securelist
Securelist
added 2021/09/23 8:0 a.m.20 views

Wake me up till SAS summit ends

What do cyberthreats, Kubernetes and donuts have in common – except that all three end in "ts", that is? All these topics will be mentioned during the new SAS@Home online conference, scheduled for September 28th-29th, 2021. To be more specific, there will be a workshop titled, "Prevent & Detect...

6.8AI score
Exploits0
Openbugbounty
Openbugbounty
added 2020/10/19 2:14 p.m.8 views

donuts.domains Improper Access Control vulnerability OBB-1424650

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

0.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2019/09/30 3:43 p.m.52 views

A week in security (September 23 – 29)

Last week on Labs, we highlighted an Emotet campaign using Snowden’s new book as a lure, discussed how 15,000 webcams are vulnerable to attack, how insurance data security laws skirt political turmoil, and how the new iOS exploit checkm8 allows permanent compromise of iPhones. Other cybersecurity...

Exploits0
ThreatPost
ThreatPost
added 2019/02/12 9:37 p.m.47 views

Double-Stuffed: Dunkin’ Hit by Another Credential-Stuffing Attack

Dunkin’ Donuts may have just launched its first double-filled doughnut, but another doubling up is not quite as tasty. The chain has suffered its second credential-stuffing attack in three months. Like the first incident, the attack targeted pastry aficionados that have DD Perks accounts, which i...

0.4AI score
Exploits0References10
HackRead
HackRead
added 2018/11/30 12:4 a.m.67 views

Dunkin Donuts Perks loyalty data breach: Change your password

By Waqas Dunkin Donuts says it has suffered a data breach in which customer data of its DD Perks loyalty program may have been stolen - The DD Perk is a reward program for the company's regular customers. According to a now-inaccessible security advisory, Dunkin Donuts stated that the data breach...

1.4AI score
Exploits0
ThreatPost
ThreatPost
added 2018/11/29 2:36 p.m.14 views

Hackers Breach Dunkin' Donuts Accounts in Credential Stuffing Attack

A credential stuffing attack has allowed hackers to take a big bite out of Dunkin’ Donuts customer data. The donut giant announced Tuesday evening that a data breach in October may have led to customers’ personal information being compromised. Dunkin’ Brands Inc. in an advisory posted to its...

1.9AI score
Exploits0References3
hackapp
hackapp
added 2016/04/01 10:22 a.m.10 views

Fairy Donuts Make & Bake - Customized SSL, Dangerous filesystem permissions, Hardcoded secrets vulnerabilities

HackApp vulnerability scanner discovered that application Fairy Donuts Make & Bake published at the 'play' market has multiple vulnerabilities...

0.1AI score
Exploits0References1Affected Software1
hackapp
hackapp
added 2016/04/01 10:18 a.m.13 views

Eat All The Donuts - Dangerous filesystem permissions, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Eat All The Donuts published at the 'play' market has multiple vulnerabilities...

0.8AI score
Exploits0References1Affected Software1
Rows per page
Query Builder