Fake BlueWallet steals passwords, accounts, and crypto from Macs

A fake website impersonating BlueWallet a real Bitcoin wallet is targeting Mac users with a simple but effective attack. BlueWallet itself has not been compromised. Instead, cybercriminals have stolen the name and branding of the legitimate Bitcoin wallet to make a malicious download appear...

MAL-2026-5100 Malicious code in obfuscation (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 9a6d747918a89b433d6b670595d6b8d3049f49a69762c3e483d4f0f9dbeb81a3 During installation, the code tamper with security settings and downloads and executes malicious executable. --- Category: MALICIOUS - The campaign has clearly...

CVE-2026-9472

A flaw has been found in dazeb markdown-downloader up to 3d4394b34b6c99d81af817623af55e3384df5a6a. Affected is the function downloadmarkdown/listdownloadedfiles/createsubdirectory of the file src/index.ts. Executing a manipulation can lead to path traversal. The attack can be launched remotely. T...

MAL-2026-4696 Malicious code in turing-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 01af0d34d23b6ed4e61390a21baec8c1bb81080c04945293a7e4ba8d20277ca6 package.json declares turing-code as an HTTPS tarball dependency at https://turing.tap365.org/v1.1.2/turing-code-1.1.2.tgz, bypassing the npm registr...

Malicious code in turing-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 01af0d34d23b6ed4e61390a21baec8c1bb81080c04945293a7e4ba8d20277ca6 package.json declares turing-code as an HTTPS tarball dependency at https://turing.tap365.org/v1.1.2/turing-code-1.1.2.tgz, bypassing the npm registr...

Astra Linux - уязвимость в firefox

When downloading an HTML file, if the title of the page is formatted as a filename with a malicious extension, Firefox may save the file with that extension. This could lead to potential system compromise if the downloaded file is later executed. This vulnerability affects Firefox versions earlie...

MAL-2026-3697 Malicious code in syntaxlogger (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ebc8a65895fc09c10b6e6bf23926076ec575582e80e084616e6779b091df947d When using the provided functionality, code silently downloads archives with executables to a location excluded from A scanning, and then executes them. The...

CLSA-2026-1777941528 openssh: Fix of CVE-2026-35385

CVE-2026-35385: fix scp legacy protocol receiver to clear setuid/setgid bits from downloaded files when -p preserve mode is not set...

CVE-2025-50328

A vulnerability in B1 Free Archiver v1.5.86 allows files extracted from downloaded archives to bypass Windows Mark of the Web MotW protections. When an archive is downloaded from the internet and extracted using B1 Free Archiver, the software fails to propagate the 'Zone.Identifier' alternate dat...

CVE-2025-50328

A vulnerability in B1 Free Archiver v1.5.86 allows files extracted from downloaded archives to bypass Windows Mark of the Web MotW protections. When an archive is downloaded from the internet and extracted using B1 Free Archiver, the software fails to propagate the 'Zone.Identifier' alternate dat...

CVE-2025-50328

A vulnerability in B1 Free Archiver v1.5.86 allows files extracted from downloaded archives to bypass Windows Mark of the Web MotW protections. When an archive is downloaded from the internet and extracted using B1 Free Archiver, the software fails to propagate the 'Zone.Identifier' alternate dat...

CVE-2025-50328

A vulnerability in B1 Free Archiver v1.5.86 allows files extracted from downloaded archives to bypass Windows Mark of the Web MotW protections. When an archive is downloaded from the internet and extracted using B1 Free Archiver, the software fails to propagate the 'Zone.Identifier' alternate dat...

CVE-2026-42428 OpenClaw < 2026.4.8 - Missing Integrity Verification in Package Downloads

OpenClaw versions before 2026.4.8 fail to enforce integrity verification on downloaded plugin archives. Attackers can install malicious or tampered plugin packages without detection, compromising the local assistant environment...

`logprinter` was removed from crates.io for malicious code

The crate downloaded code from an external HTTP endpoint and executed it within its trace fn...

UBUNTU-CVE-2026-35385

In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O legacy scp protocol and without -p preserve mode...

CVE-2026-35385

In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O legacy scp protocol and without -p preserve mode...

CVE-2025-15612 Wazuh Provisioning Scripts / Build Infrastructure Improper Certificate Validation leading to MITM and RCE

Wazuh provisioning scripts and Dockerfiles contain an insecure transport vulnerability where curl is invoked with the -k/--insecure flag, disabling SSL/TLS certificate validation. Attackers with network access can perform man-in-the-middle attacks to intercept and modify downloaded dependencies o...

CVE-2025-68623

In Microsoft DirectX End-User Runtime Web Installer 9.29.1974.0, a low-privilege user can replace an executable file during the installation process, which may result in unintended elevation of privileges. During installation, the installer runs with HIGH integrity and downloads executables and...

GHSA-RC55-58F4-687G Roadiz has Server-Side Request Forgery (SSRF) in roadiz/documents

This vulnerability allows an authenticated attacker to read any file on the server's local file system that the web server process has access to, including highly sensitive environment variables, database credentials, and internal configuration files. | Field | Details | | :--- | :--- | |...

BIT-GITLAB-2026-1230 Use of Incorrectly-Resolved Name or Reference in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 1.0 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to cause repository downloads to contain different code than displayed in the web interface due to incorrect...