14 matches found
CVE-2026-34402
Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-39330. Reason: This candidate is a duplicate of CVE-2026-39330. Notes: All CVE users should reference CVE-2026-39330 instead of this candidate. All references and descriptions in this candidate have been removed to...
CVE-2026-2462
Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to restrict plugin installation on CI test instances with default admin credentials which allows an unauthenticated attacker to achieve remote code execution and exfiltrate sensitive configuration data including AWS and...
Malicious code in tourney-sdk-react (npm)
The package exfiltrates system data to remote server --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7c5364bf5b440c1fcec66cbe29b7243db3661868744f68aebeb5f8b99619d950 The package tourney-sdk-react was found to contain malicious code. Source: ghsa-malware...
Malicious Package
Overview json-oauth is a malicious package. This package contains malicious code associated with a social engineering campaign called "Contagious Interview." The attackers target developers through fake job interviews or coding test assignments that require the installation of this package. Once...
When using the project to bypass Deezer API restrictions, project exfiltrates user data to a hardcoded server.
Published in 2019, the automslc package is a Python librarythat bypasses Deezer API restrictions to download music.The package was found to exfiltrate user data to a hardcoded server,which could be used for malicious purposes...
MAL-2025-1549 Malicious code in zztest890 (npm)
This package runs commands in a pre-install script that exfils sensitive data to a attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4f0bfcc0f336c7ee2a414f1d146dc59634be795c3a17855e4f9f62d26c58958e Any computer that has this package install...
MAL-2025-1344 Malicious code in ascendex-main (npm)
This package runs commands in a pre-install script that exfils sensitive data to a attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 142a52b8be8d82df662a3eda8e1ac0eb272c5af8bda1ee499d710997621a8535 Any computer that has this package install...
MAL-2025-1329 Malicious code in htx-dev (npm)
This package runs commands in a pre-install script that exfils sensitive data to a attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 18c05dd9781405f8a19064535fdb213fba19de58f671ed5bc64d2cf1ed95e6d7 Any computer that has this package install...
MAL-2025-66 Malicious code in jupyter-binding (npm)
This package runs commands in a pre-install script that exfils sensitive data to a attacker-controlled domain. --- -= Per source details. Do not edit below this line.=-...
Malicious code in bytepps (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 9aa4ba0120720e5b121a5cbccaa4bd97efb87a5f2fa881edc7a297d33fab3c4f A campaign of probably pentest packages flooding PYPI. Installing the package or importing the module triggers reporting basic info like hostname, path and the...
SEC Charges 4 Companies Over Misleading SolarWinds Cyber Attack Disclosures
The U.S. Securities and Exchange Commission SEC has charged four current and former public companies for making "materially misleading disclosures" related to the large-scale cyber attack that stemmed from the hack of SolarWinds in 2020. The SEC said the companies – Avaya, Check Point, Mimecast,...
Trellix Global Defenders: LAPSUS$ Data Breaches and Proactive Protections
Trellix Global Defenders: LAPSUS$ Data Breaches and Proactive Protections By Taylor Mullins · March 23, 2022 Trellix is continuing to monitor the threat activity related to the LAPSUS$ threat group and their recent breaches of large organizations such as NVIDIA, Samsung, Microsoft, and Okta. This...
CVE-2022-23320
XMPie uStore 12.3.7244.0 allows for administrators to generate reports based on raw SQL queries. Since the application ships with default administrative credentials, an attacker may authenticate into the application and exfiltrate sensitive information from the database...
Analyzing the REvil Ransomware Attack
Over the past year, there has been a rise in extortion malware, e.g. Nefilim and Darkside, which steal and threaten to publish sensitive data or encrypt it until a ransom is paid. Nowadays, cybercriminals use various techniques to gain their initial foothold within a network in the organization...