12 matches found
MAL-2026-4632 Malicious code in orca-website (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c52f7fe46d56cb45880942f5266494a2654d9d330914a6c3c99f02045eacd1dc On require/import, index.js collects host identifiers os.hostname, os.userInfo.username, os.platform, os.arch, process.cwd, process.pid, timestamp an...
MAL-2026-1260 Malicious code in webmd-url (npm)
Package exfiltrates data via pre/postinstall scripts, and has a suspicious main entrypoint targeting MongoDB configurations. Package extracts data like username, hostname and current working directory and sends it to malicious domain http://4v6heh2m.requestrepo.com/depconf/webmd-url/ --- -= Per...
Malicious code in optimal-spark-config (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 a1c1bf78d6e3b593fd29329b4175a48c645abf4b4b63e93db68f25221329d14c During installation, the package starts obfuscated code that attempts to exfiltrate some basic information using DNS requests and then likely cover tracks by...
Malicious code in bitfinex-test (npm)
This package runs commands in a pre-install script that exfils sensitive data to an attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 199489107476d243a7bba3fa9ea8aba37899410c24dce572a4a67b4c49aa9e1d Any computer that has this package install...
Malicious code in toobit-internal (npm)
This package runs commands in a pre-install script that exfils sensitive data to an attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4dc2372cd3e422972f9e5ad734631f8915a68a2543a638d01de026ebb0d04436 Any computer that has this package install...
Malicious code in sample_cluster (npm)
This package runs commands in a pre-install script that exfils sensitive data to an attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f6217ec411da102d0d27e1b3750ea1c11a33ebed73e81625b568ddeecb5b1cab Any computer that has this package install...
Malicious code in old-mpl-token-metadata (npm)
This package runs commands in a pre-install script that exfils sensitive data to an attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6603cd004d4fbdaf7a066de7f7057ad66c4108e0bd8d961201d12f326fc1d7bf Any computer that has this package install...
Malicious code in lambda-sns-dynatrace-sdk (npm)
This package runs commands in a pre-install script that exfils sensitive data to an attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6846e2cf86562a1515400ba129d4fef5beb818c3002079e8bdd09c9e86f00fc5 Any computer that has this package install...
Malicious code in jqtools-toolbox-expose (npm)
The package contains code to exfiltrate user and host information to an oastify domain. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis cf8ecc5384976555e101e147d0456707c86467e52647ed0bdbc91bc47639356a The OpenSSF Package Analysis project identified...
Magecart Hacks Food Ordering Systems to Steal Payment Data from Over 300 Restaurants
Three restaurant ordering platforms MenuDrive, Harbortouch, and InTouchPOS were the target of two Magecart skimming campaigns that resulted in the compromise of at least 311 restaurants. The trio of breaches has led to the theft of more than 50,000 payment card records from these infected...
Magecart Cyberattack Targets NutriBullet Website
A faction under the Magecart umbrella, Magecart Group 8, targeted the website of the blender manufacturer, NutriBullet, in an attempt to steal the payment-card data of its online customers. Yonathan Klijnsma, threat researcher with RiskIQ, said in a Wednesday post that a JavaScript web skimmer co...
GitHub hosted Magecart skimmer used against hundreds of e-commerce sites
Every day, new e-commerce websites fall into the hands of one of the many Magecart skimmers. Unbeknownst to shoppers, criminals are harvesting their personal information, including payment details in the online equivalent of ATM card skimming. Most often the skimming code—written in JavaScript an...