80 matches found
CVE-2026-45625 Arcane: Missing admin authorization on git repository endpoints allows non-admin users to exfiltrate stored Git credentials and tamper with GitOps configs
Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.0, Arcane's huma-based REST API exposes nine endpoints under /api/customize/git-repositories and /api/git-repositories/sync for managing GitOps source repositories and their stored credentials. Eig...
arcane security vulnerability
Arcane is open-source Docker management software developed by Arcane. Versions of Arcane prior to 1.19.0 contain security vulnerabilities that stem from multiple endpoints in the Huma-based REST API not calling the checkAdmin helper function. Additionally, the...
Quasar Linux RAT Steals Developer Credentials for Software Supply Chain Compromise
A previously undocumented Linux implant codenamed Quasar Linux RAT QLNX is targeting developers' systems to establish a silent foothold as well as facilitate a broad range of post-compromise functionality, such as credential harvesting, keylogging, file manipulation, clipboard monitoring, and...
Argo vulnerable to exposure of artifact repository credentials
Summary: The workflow executor logs all artifact repository credentials (S3 access keys, secret keys, GCS service account keys, Azure account keys, Git passwords, etc.) in plaintext on artifact operations. Any user with read access to workflow pod logs can extract these credentials. Note: This is an...
MAL-2026-3158 Malicious code in apple-internal-pki-trust (npm)
Malicious npm package published by threat actor "raya4321" as part of a coordinated typosquatting campaign impersonating Apple internal infrastructure services (authentication, PKI, telemetry, CloudKit, and cloud infrastructure). All packages in this campaign execute credential-theft payloads durin...
MAL-2026-3151 Malicious code in apple-cloud-infrastructure-monitor (npm)
Malicious npm package published by threat actor "raya4321" as part of a coordinated typosquatting campaign impersonating Apple internal infrastructure services (authentication, PKI, telemetry, CloudKit, and cloud infrastructure). All packages in this campaign execute credential-theft payloads durin...
Fedora 44 : composer (2026-1140c02041)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-1140c02041 advisory. Version 2.9.7 - 2026-04-14: Fixes regression calling custom script command aliases that are called a substring of a composer command (#12802) ---- Versi...
Fedora 42 : composer (2026-d91f313a63)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-d91f313a63 advisory. Version 2.9.7 - 2026-04-14: Fixes regression calling custom script command aliases that are called a substring of a composer command (#12802) ---- Versi...
GlassWorm attack installs fake browser extension for surveillance
GlassWorm hides inside developer tools. Once it's in, it steals data, installs remote access malware, and even a fake browser extension to monitor activity. While it starts with developers, the impact can quickly spread. With stolen credentials, access tokens, and compromised tools, attackers can...
Malicious code in remjsonparse (PyPI)
Source: kam193 e478d1e016f1d6d6d1cb4a9d23ac45449c22d99aa8e71c88d2f38fae8951f23f. During import, the package starts advanced compromise actions: it exfiltrates AWS and git credentials, command history, and the security tools in use. After that, the code...
GHSA-QH38-484V-W52X vulnerabilities
Vulnerabilities for packages: aws-sigv4-proxy-fips, cilium-certgen, extism, protoc-gen-go, stampdalf, minio-object-browser-fips, skaffold, glow, nova-fips, terraform-provider-sendgrid, prometheus-nats-exporter, manifest-tool, skopeo-fips, dynamic-localpv-provisioner-fips, ipfs-cluster,...
GHSA-CXQ7-XW9V-RCV3 vulnerabilities
Vulnerabilities for packages: aws-sigv4-proxy-fips, cilium-certgen, extism, protoc-gen-go, stampdalf, minio-object-browser-fips, skaffold, glow, nova-fips, terraform-provider-sendgrid, prometheus-nats-exporter, manifest-tool, skopeo-fips, dynamic-localpv-provisioner-fips, ipfs-cluster,...
EUVD-2017-0124
Malware in sbrugna...
EUVD-2023-1011
Malicious code in bioql PyPI...
EUVD-2024-0859
Malicious code in bioql PyPI...
EUVD-2022-4594
Malicious code in bioql PyPI...
EUVD-2025-19655
Malicious code in bioql PyPI...
EUVD-2023-0407
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2025-53103
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - JUnit is a testing framework for Java and the JVM. From version 5.12.0 to 5.13.1, JUnit's support for writing Open Test Reporting XML files can leak Git...