Lucene search
+L

3635 matches found

ossf
ossf
added 3 days ago8 views

Malicious code in jsonfb (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7fc07bf73ed684a1d555baa4dc6cadcd170bde4da4779ef62c0dd3f9cf02c99a Package [email protected] is presented as a JSON.parse bigint helper mimicking json-bigint, and re-using the real json-bigint maintainer's name in...

6.1AI score
Exploits0References8
osv
osv
added 3 days ago2 views

MAL-2026-10437 Malicious code in jsonfb (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7fc07bf73ed684a1d555baa4dc6cadcd170bde4da4779ef62c0dd3f9cf02c99a Package [email protected] is presented as a JSON.parse bigint helper mimicking json-bigint, and re-using the real json-bigint maintainer's name in...

6.1AI score
Exploits0References8
nvd
nvd
added 6 days ago7 views

CVE-2026-56254

In @capgo/capacitor-updater Cap-go/capgo before 12.128.2, the end-to-end encryption scheme distributes the private key to each device that downloads the app. Because the public key can be derived from the private key, an attacker performing a man-in-the-middle attack or compromising the Capgo...

8.3CVSS0.00151EPSS
Exploits0References2
osv
osv
added 6 days ago2 views

CVE-2026-56254 capacitor-updater - End-to-End Encryption Bypass via Private Key Distribution

In @capgo/capacitor-updater Cap-go/capgo before 12.128.2, the end-to-end encryption scheme distributes the private key to each device that downloads the app. Because the public key can be derived from the private key, an attacker performing a man-in-the-middle attack or compromising the Capgo...

8.3CVSS6.1AI score0.00151EPSS
Exploits0References4
thn
thn
added 2026/07/09 4:1 a.m.13 views

Fake 7-Zip Installers Turn Devices Into Residential Proxy Nodes

Cybersecurity researchers have disclosed details of a new threat actor dubbed Lurking Lizard that has been operating an end-to-end malicious residential proxy business using an infrastructure comprising more than 230 lookalike domains. The activity dates back to at least August 2022, according to...

6.1AI score
Exploits0
thn
thn
added 2026/07/08 3:7 p.m.66 views

New HalluSquatting Attack Could Trick AI Coding Assistants Into Installing Botnet Malware

AI coding assistants have a habit of making things up. Ask one to fetch a popular tool, and it will sometimes hand back a real-sounding name for a project that does not exist. New research, which its authors call HalluSquatting , turns that habit into an attack: work out the fake names an AI...

6.1AI score
Exploits0
euvd
euvd
added 2026/07/07 11:11 a.m.6 views

EUVD-2026-42034

Improper verification of cryptographic signature vulnerability in HAVELSAN Inc. Liman MYS allows Fake the Source of Data. This issue affects Liman MYS: before release.Master.1107...

8.1CVSS5.9AI score0.00185EPSS
Exploits0References1
osv
osv
added 2026/07/07 10:17 a.m.3 views

PYSEC-2026-1031 TensorFlow vulnerable to `CHECK` fail in `FakeQuantWithMinMaxVarsGradient`

Impact When tf.quantization.fakequantwithminmaxvarsgradient receives input min or max that is nonscalar, it gives a CHECK fail that can trigger a denial of service attack. python import tensorflow as tf import numpy as np arg0=tf.constantvalue=np.random.randomsize=2, 2, shape=2, 2, dtype=tf.float...

5.9CVSS5.9AI score0.00396EPSS
Exploits0References7
osv
osv
added 2026/07/07 10:17 a.m.5 views

PYSEC-2026-978 TensorFlow vulnerable to `CHECK` fail in `FakeQuantWithMinMaxVarsPerChannel`

Impact If FakeQuantWithMinMaxVarsPerChannel is given min or max tensors of a rank other than one, it results in a CHECK fail that can be used to trigger a denial of service attack. python import tensorflow as tf numbits = 8 narrowrange = False inputs = tf.constant0, shape=4, dtype=tf.float32 min ...

5.9CVSS7AI score0.00396EPSS
Exploits0References7
malwarebytes
malwarebytes
added 2026/07/06 4:22 p.m.21 views

How to tell if an image is AI-generated

A photo of an injured dog by the roadside. A dating profile with pictures that look almost too perfect. A donation appeal showing a family stranded on a rooftop after a flood. Scammers are already using AI-generated images to support fake stories, build trust, and persuade people to send money or...

5.8AI score
Exploits0
snyk
snyk
added 2026/07/04 9:0 p.m.4 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code and was identified as part of the PolinRider supply chain campaign, linked to North Korean threat actors associated with the Contagious Interview/Famous Chollima activity...

9.8CVSS6AI score
Exploits0References2
snyk
snyk
added 2026/07/04 9:0 p.m.6 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code and was identified as part of the PolinRider supply chain campaign, linked to North Korean threat actors associated with the Contagious Interview/Famous Chollima activity...

9.8CVSS6AI score
Exploits0References2
snyk
snyk
added 2026/07/04 9:0 p.m.5 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code and was identified as part of the PolinRider supply chain campaign, linked to North Korean threat actors associated with the Contagious Interview/Famous Chollima activity...

9.8CVSS6AI score
Exploits0References2
thn
thn
added 2026/07/03 8:3 a.m.17 views

PamStealer Uses Fake Maccy Sites and PAM Checks to Steal Mac Login Passwords

Cybersecurity researchers have flagged a new macOS information stealer called PamStealer that employs a series of clever tricks to infect systems and siphon sensitive data. The stealer, discovered by Jamf Threat Labs, is distributed as a compiled AppleScript .scpt file impersonating Maccy, a...

6AI score
Exploits0
osv
osv
added 2026/07/02 4:57 p.m.15 views

GHSA-V8CX-933X-R976 OpenClaw: Fake package roots could influence memory-core artifact loading

Summary Fake package roots could influence memory-core artifact loading. In affected versions, a local package root resolution path influenced by workspace state could select a package root that was not the intended bundled artifact root. This advisory is scoped to the named feature and...

7.8CVSS5.9AI score0.00114EPSS
Exploits0References4
thn
thn
added 2026/07/01 3:26 p.m.24 views

Ousaban Banking Trojan Targets Iberian Bank Users with Fake PDF Lures

A Brazilian banking trojan called Ousaban is going after Windows users who bank in Spain and Portugal. Fortinet's FortiGuard Labs identified the campaign in May 2026. It opens with a phishing PDF disguised as a corrupted file, checks that the visitor is really in Spain or Portugal, and hides its...

6AI score
Exploits0
thn
thn
added 2026/06/30 11:30 a.m.20 views

What the Numbers Say About FIFA 2026 Cyber Risk

The FIFA World Cup 2026 opened on June 11. By that date, according to Check Point Research, the fraud infrastructure targeting it had already been built, staged, and partially deployed. Threat actor activity was pre-planned, months out, across three sectors and at least ten languages. Check Point...

5.8AI score
Exploits0
thn
thn
added 2026/06/27 5:27 p.m.27 views

Ukraine Says Russian Intelligence Used Fake Support Texts to Steal Messaging Credentials

The Security Service of Ukraine SSU said it, together with the U.S. Federal Bureau of Investigation FBI, uncovered a long-running campaign orchestrated by Russian intelligence services to break into the messaging accounts of government officials, military personnel, politicians, and activists in...

5.8AI score
Exploits0
alpinelinux
alpinelinux
added 2026/06/25 4:41 p.m.10 views

CVE-2026-6291

Bleichenbacher padding oracle in PKCS7 KTRI decryption. When decrypting PKCS7 EnvelopedData using RSA PKCS1 v1.5 key transport, wolfSSL returned distinguishable error codes depending on whether RSA padding validation failed versus whether the decrypted content was malformed. An attacker able to...

6.5CVSS5.8AI score0.00152EPSS
Exploits0References2
astralinux
astralinux
added 2026/06/24 3:11 p.m.10 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: HID: magicmouse: Do not cause a crash when the msc-input field is missing. Fake USB devices can send their own report descriptors, for which the inputmapping hook is not called. In this case, msc-input remains NULL, leading to a...

5.5CVSS5.7AI score0.00128EPSS
Exploits0References2
Rows per page
Query Builder