Lucene search
19 matches found

OSV
added 2026/05/26 8:16 a.m., 8 views

MAL-2026-4793 Malicious code in vxui-react (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bde616ebc21909bfa386bf8e49438da710f48b62ae3127f2a7259c71557a4242 package.json declares a postinstall script that runs curl -skL...

6.4 AI score
Exploits: 0, References: 1
The Hacker News
added 2026/05/23 4:7 p.m., 15 views

Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware

A new "coordinated" supply chain attack campaign has impacted eight packages on Packagist including malicious code designed to run a Linux binary retrieved from a GitHub Releases URL. "Although the affected packages were all Composer packages, the malicious code was not added to composer.json,"...

6.6 AI score
Exploits: 0
OSV
added 2026/05/22 11:16 a.m., 4 views

MAL-2026-4533 Malicious code in codebuff-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bdf777f03e4dc44a9956401136a42f099638025ef7d2197dec630525ad26727d The package name codebuff-cli impersonates the legitimate codebuff npm package; the README is copy-pasted from the official CodebuffAI project it eve...

5.9 AI score
Exploits: 0, References: 23
OSSF Malicious Packages
added 2026/05/21 2:20 p.m., 4 views

Malicious code in @vino.tian/vibe-kanban (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7f1533bb7e55b1bcd10291aa9f19e2a5cbe5755a7a6a7343d38fbd3ff8064a1f This package is published as @vino.tian/vibe-kanban and copies its README, name, and feature description from BloopAI's legitimate vibe-kanban projec...

5.9 AI score
Exploits: 0, References: 3
OSSF Malicious Packages
added 2026/05/19 7:42 p.m., 5 views

Malicious code in crw (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4324181416ad15727c0f51a30b56858c42fad99b93635922494acfe4c0f5d597 Package 'crw' impersonates the Firecrawl SDK: it declares 'firecrawl' as a keyword, replicates Firecrawl's client surface...

5.8 AI score
Exploits: 0, References: 2
The Hacker News
added 2026/04/29 4:26 p.m., 6 views

SAP-Related npm Packages Compromised in Credential-Stealing Supply Chain Attack

Cybersecurity researchers are sounding the alarm about a new supply chain attack campaign targeting SAP-related npm Packages with credential-stealing malware. According to reports from Aikido Security, Onapsis, OX Security, SafeDep, Socket, StepSecurity, and Google-owned Wiz, the campaign – calli...

6.1 AI score
Exploits: 0
GithubExploit
added 2025/12/12 3:53 p.m., 113 views

HenBR-Autoload

HenBR-Autoload Download any PS4 exploit in one click...

6.8 AI score
Exploits: 0
Nvidia
added 2025/12/02 12:0 a.m., 3 views

Security Bulletin: NVIDIA Triton Inference Server - December 2025

NVIDIA has released a software update for NVIDIA Triton Inference Server to address the issue disclosed in this bulletin. To protect your system, install the latest release from the Triton Inference Server Releases page on GitHub, and view the Secure Deployment Considerations Guide. Go to NVIDIA...

7.5 CVSS, 6.9 AI score, 0.00113 EPSS
Exploits: 0, Affected Software: 1
Nvidia
added 2025/11/11 12:0 a.m., 5 views

Security Bulletin: NVIDIA Triton Inference Server - November 2025

NVIDIA has released a software update for NVIDIA Triton Inference Server. To protect your system, download and install the latest release from the Triton Inference Server Releases page on GitHub and view the Secure Deployment Considerations Guide. Go to NVIDIA Product Security. Details The...

6.5 CVSS, 6.7 AI score, 0.00074 EPSS
Exploits: 0, Affected Software: 1
GithubExploit
added 2025/10/01 9:56 a.m., 156 views

unserialize-exploit

🎯 unserialize-exploit - Explore PHP Unserialization Exploits...

7.4 AI score
Exploits: 0
Nvidia
added 2025/08/12 12:0 a.m., 6 views

Security Bulletin: NVIDIA Megatron LM - August 2025

NVIDIA has released a software update for NVIDIA® Megatron LM. To protect your system, clone or update this software to version 0.12.2 or later from Releases · NVIDIA/Megatron-LM on GitHub. Go to NVIDIA Product Security...

7.8 CVSS, 7.1 AI score, 0.00034 EPSS
Exploits: 0, Affected Software: 1
Intel
added 2025/08/12 12:0 a.m., 4 views

Device Plugins for Kubernetes Advisory

Summary: A potential security vulnerability for some Device Plugins for Kubernetes software maintained by Intel may allow denial of service. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2025-24313 Description: Improper access...

6.7 CVSS, 7 AI score, 0.00022 EPSS
Exploits: 0
Tenable Nessus
added 2025/08/09 12:0 a.m., 2 views

Fedora 42 : incus (2025-2edb6773ed)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-2edb6773ed advisory. New release of Incus. Release information: https://github.com/lxc/incus/releases/tag/v6.15.0 Tenable has extracted the preceding description block...

8.1 CVSS, 5.5 AI score, 0.00124 EPSS
Exploits: 0, References: 3
Nvidia
added 2025/06/24 12:0 a.m., 6 views

Security Bulletin: NVIDIA Megatron LM - June 2025

NVIDIA has released a software update for NVIDIA® Megatron LM. To protect your system, clone or update this software to version 0.12.1 or later from Releases · NVIDIA/Megatron-LM on GitHub. Go to NVIDIA Product Security...

7.8 CVSS, 7.1 AI score, 0.00083 EPSS
Exploits: 0, Affected Software: 1
GithubExploit
added 2024/06/07 4:40 a.m., 221 views

Exploit for SQL Injection in Valvepress Automatic

9.9 CVSS, 9.8 AI score, 0.93693 EPSS
Exploits: 16
Kitploit
added 2023/01/21 11:30 a.m., 24 views

Tai-e - An Easy-To-Learn/Use Static Analysis Framework For Java

Tai-e What is Tai-e? Tai-e (Chinese: 太阿; pronunciation: [ˈtaɪə]) is a new static analysis framework for Java (please see our technical report for details), which features arguably the "best" designs from both the novel ones we proposed and those of classic frameworks such as Soot, WALA, Doop, and...

7.3 AI score
Exploits: 0, References: 6
OSV
added 2021/09/02 5:17 p.m., 18 views

GHSA-VRMR-F2QH-3HHF Improper use of cryptographic key in wal-g

WAL-G before 1.1, when a non-libsodium build (e.g., one of the official binary releases published as GitHub Releases) is used, silently ignores the libsodium encryption key and uploads cleartext backups. This is arguably a Principle of Least Surprise violation because "the user likely wanted to...

7.5 CVSS, 7.5 AI score, 0.0017 EPSS
Exploits: 0, References: 5
Kitploit
added 2019/09/07 10:30 p.m., 831 views

OpenCTI - Open Cyber Threat Intelligence Platform

OpenCTI is an open source platform allowing organizations to manage their cyber threat intelligence knowledge and observables. It has been created in order to structure, store, organize and visualize technical and non-technical information about cyber threats. The structuration of the data is...

6.8 AI score
Exploits: 0, References: 13
Kitploit
added 2019/04/01 8:37 p.m., 135 views

Mimikatz v2.2.0 - A Post-Exploitation Tool to Extract Plaintexts Passwords, Hash, PIN Code from Memory

mimikatz is a tool I've made to learn C and make some experiments with Windows security. It's now well known to extract plaintext passwords, hash, PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash, pass-the-ticket or build Golden tickets. But that's not all!...

7.4 AI score
Exploits: 0, References: 6