8 matches found
Malicious code in maya-kue29-riris (npm)
Source: amazon-inspector 8427101e4940a45be0375d6631eae889240ecb8e9688e28d1d88933e4b00047b. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
A Time Series Analysis of Malware Uploads to Programming Language Ecosystems
Software ecosystems built around programming languages have greatly facilitated software development. At the same time, their security has increasingly been acknowledged as a problem. To this end, the paper examines the previously overlooked longitudinal aspects of software ecosystem security,...
CVE-2025-32371
CVE-2025-32371 affects DNN Platform (DotNetNuke) via the ImageHandler, where a URL crafted with a querystring parameter can render text in the resulting image. This could mislead users who trust the domain. The issue is fixed in DNN 9.13.4; apply the 9.13.4 upgrade (or follow vendor guidance) to ...
protobuf-java has potential Denial of Service issue
Summary: When parsing unknown fields in the Protobuf Java Lite and Full library, a maliciously crafted message can cause a StackOverflow error and lead to a program crash. Reporter: Alexis Challande, Trail of Bits Ecosystem Security Team. Affected versions: This issue affects all versions of both t...
`rustdecimal` is a malicious crate
The Rust Security Response WG and the crates.io team were notified on 2022-05-02 of the existence of the malicious crate rustdecimal, which contained malware. The crate name was intentionally similar to the name of the popular rust_decimal crate, hoping that potential victims would misspell its...
MAL-2022-1 Malicious code in rustdecimal (crates.io)
Source: ghsa-malware 2e33f42f05c60c6d9f9297bae15a43d6c445e2ad0fd67fa4ef144e5cc79d09c7. The Rust Security Response WG and the crates.io team were notified on 2022-05-02 of the existence of the malicious crate rustdecimal, which contained...
malicious crate `rustdecimal`
The Rust Security Response WG and the crates.io team were notified on 2022-05-02 of the existence of the malicious crate rustdecimal, which contained malware. The crate name was intentionally similar to the name of the popular rust_decimal crate, hoping that potential victims would misspell its...
Recognizing Q3 Top 5 Bounty Hunters
Throughout the year, security researchers submit some amazing work to us under the Microsoft Bug Bounty program. Starting this quarter, we want to give a shout out to and acknowledge the hard work and dedication of the following individuals and companies who have contributed to securing Microsoft...