MAL-2026-5501 Malicious code in ethers-jss (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 56bf62c882d62bbb9bacc402f0f25f48e12b878ff454eda013fed56dc61db42e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Tsundere Botnet Expands Using Game Lures and Ethereum-Based C2 on Windows

Cybersecurity researchers have warned of an actively expanding botnet dubbed Tsundere that's targeting Windows users. Active since mid-2025, the threat is designed to execute arbitrary JavaScript code retrieved from a command-and-control C2 server, Kaspersky researcher Lisandro Ubiedo said in an...

@aragon/core-contracts (>=0.7.0-alpha <=0.8.0-alpha), @aragon/osx (>=1.2.0 <=1.3.0-rc0.4) +42 more potentially affected by CVE-2023-26488 via @openzeppelin/contracts-upgradeable (>=4.8.0 <=4.8.1)

@openzeppelin/contracts-upgradeable NPM version =4.8.0, =0.7.0-alpha, =1.2.0, =0.0.1, =0.0.1, =0.0.1, =1.0.4, =2.0.0, =1.0.1, =1.0.15, =1.0.27, =1.0.16, =1.0.29 and more Source cves: CVE-2023-26488 Source advisory: OSV:GHSA-878M-3G6Q-594Q...