MAL-2026-5639 Malicious code in @tt-aem-tt4a/shared-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 817c1920ad6f83b25d8fd32b77999376a6ad3b5448e93e7b0b66cce72ec4dac0 The OpenSSF Package Analysis project identified '@tt-aem-tt4a/shared-components' @ 10.0.0 npm as malicious. It is considered malicious because: ...

CVE-2026-5065 IBM Controller is affected by vulnerabilities

IBM Controller 11.0.1, 11.1.0, 11.1.1, and 11.1.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data...

MAL-2026-4689 Malicious code in test-ajs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 851b521e3dde5ea11478cd37cc4bf8da2f0a0ca1864d6c39fa27fd02ef0f9308 test-ajs advertises a 2KB React/Recoil helper dist/cjs/index.js, 2169 bytes, exporting Roid/inject glue over react+recoil but ships a 976KB Linux ELF...

Malicious code in bitu-staking (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector adb12160da2b84d2f9c21c6d5f3a2d803e574fcf593e9d84da3b5e8cbbdef96e The package bitu-staking was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in lightspark-crypto (npm)

The package communicates with a domain associated with malicious activity...

EUVD-2017-4262

Malware in sbrugna...

Abusing Notion’s AI Agent for Data Theft

Notion just released version 3.0, complete with AI agents. Because the system contains Simon Willson's lethal trifecta, it's vulnerable to data theft though prompt injection. First, the trifecta: The lethal trifecta of capabilities is: Access to your private data --one of the most common purposes...

Malicious code in kite-public (npm)

The package communicates with a domain associated with malicious activity...

MAL-2025-41930 Malicious code in @rbapp/pages (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=-...

MAL-2025-41910 Malicious code in @espace-client-axafr/user-profile (npm)

The package communicates with a domain associated with malicious activity...

MAL-2025-41899 Malicious code in @espace-client-axafr/savings-webservices (npm)

The package communicates with a domain associated with malicious activity...

MAL-2025-41884 Malicious code in @espace-client-axafr/redirection-angel (npm)

The package communicates with a domain associated with malicious activity...

Malicious code in pentest-event-emitter (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=-...

Malicious code in @jito-lab/provider (npm)

The package communicates with a domain associated with malicious activity...

Malicious code in @justworkshr/alma (npm)

The package communicates with a domain associated with malicious activity...

Active Exploitation: New Aquabot Variant Phones Home

...

MAL-2024-1060 Malicious code in unity-context (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2d000b4d34f837a9755c05f72318c44ba0f8cf265e46224607cedae43aea73ae Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2023-50948

IBM Storage Fusion HCI 2.1.0 through 2.6.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 275671...

Hardcoded credentials

IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 225222...

Hardcoded credentials

IBM QRadar SIEM 7.3 and 7.4 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 196075...