Malicious code in @budetzzgantenk/baileys (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 81b1fbb4415cf2858924d511ef2bf96ad5152dda4537a264f45d1b4d847ba25d Package @budetzzgantenk/baileys is a modified fork of @whiskeysockets/baileys that adopts the upstream's homepage...

MAL-2026-4374 Malicious code in @budetzzgantenk/baileys (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 81b1fbb4415cf2858924d511ef2bf96ad5152dda4537a264f45d1b4d847ba25d Package @budetzzgantenk/baileys is a modified fork of @whiskeysockets/baileys that adopts the upstream's homepage...

Storm-2561 uses SEO poisoning to distribute fake VPN clients for credential theft

In this article 1. From search to stolen credentials: Storm-2561 attack chain 2. Defending against credential theft campaigns 3. Microsoft Defender detection and hunting guidance 4. Indicators of compromise In mid-January 2026, Microsoft Defender Experts identified a credential theft campaign tha...

Storm-2561 uses SEO poisoning to distribute fake VPN clients for credential theft

In this article 1. From search to stolen credentials: Storm-2561 attack chain 2. Defending against credential theft campaigns 3. Microsoft Defender detection and hunting guidance 4. Indicators of compromise In mid-January 2026, Microsoft Defender Experts identified a credential theft campaign tha...

K000159681: Credential harvesting campaign targeting F5 VPN users

On January 13, 2026, researchers identified a large-scale credential harvesting campaign targeting several VPN providers, including F5. The threat actors behind the campaign registered numerous doppelgänger domains designed to mimic legitimate F5 domains. These domains are used to deceive victims...

GO-2022-0776 Denial of Service (DoS) in HashiCorp Consul in github.com/hashicorp/consul

Denial of Service DoS in HashiCorp Consul in github.com/hashicorp/consul...

GO-2023-1701 Docker Swarm encrypted overlay network with a single endpoint is unauthenticated in github.com/docker/docker

Docker Swarm encrypted overlay network with a single endpoint is unauthenticated in github.com/docker/docker...

Threat actor impersonates Google via fake ad for Authenticator

We have previously reported on the brand impersonation issue with Google ads: users who search for popular keywords are shown malicious ads that purport to be from an official vendor. Not only does this trick innocent victims into downloading malware or losing their data to phishing sites, it als...

Malicious Package

Overview methantiafk is a malicious package. It distributes Discord malware hosted on GitHub, that can steal important host information and credentials. Remediation Avoid using all malicious instances of the methantiafk package. References - Injected Code Credit: Snyk Research Team...

Raccoon and Vidar Stealers Spreading via Massive Network of Fake Cracked Software

A "large and resilient infrastructure" comprising over 250 domains is being used to distribute information-stealing malware such as Raccoon and Vidar since early 2020. The infection chain "uses about a hundred of fake cracked software catalogue websites that redirect to several links before...

vulhub

This repository is an open-source collection of vulnerable web applications and tools for security training and research. It is maintained by phith0n and hosted on GitHub. The repository contains a variety of vulnerable applications, including web servers, databases, and other systems, to help...

vulhub

This is an open-source collection of pre-built vulnerable docker environments. It is a repository for testing and demonstrating various vulnerabilities in different applications and frameworks. The repository contains a variety of vulnerable environments, including web applications, databases, an...