99 matches found
PYSEC-2026-2926 PraisonAI has unauthenticated RCE via `tool_override.py` (CVE-2026-40287 patch bypass)
TL;DR CVE-2026-40287's fix gated tools.py auto-import behind PRAISONAIALLOWLOCALTOOLS=true in two files toolresolver.py, api/call.py. A third import sink in praisonai/templates/tooloverride.py was missed and remains unguarded. It is reached by the recipe runner on every recipe execution and is...
Microsoft Restores Some GitHub Repos, Keeps Others Offline as Miasma Probe Continues
Microsoft on Monday confirmed that it temporarily removed some GitHub repositories in response to a recent security incident that led to 73 of its open-source projects being compromised to inject an information stealer into the code. "Our priority is to protect customers and the broader ecosystem...
Miasma Worm Hits 73 Microsoft GitHub Repositories in Major Supply Chain Attack
Microsoft's GitHub repositories have become the latest to fall victim to the ongoing Miasma self-replicating supply chain attack campaign. The incident impacted 73 Microsoft repositories across four of its GitHub organizations, including Azure, Azure-Samples, Microsoft, and MicrosoftDocs, per...
Malicious code in autotel-pact (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ea3afdb0cdd411bf4c5c61858c6eac81b3a321fad31613a01d8e1ba80c9a6642 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in node-env-resolver-vite (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ebb20ec41cd318dc4b8958df0ddc5c86e5fede7c4ee3c7ced1439aad3e943b97 The package was found to contain malicious code or consuming dependency that contains malicious code Source: google-open-source-security...
Malicious code in executable-stories-playwright (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3137898a0ce7b26bf51153300f929a28c1d653830a2ddf7f57d7dea270e2a7e0 No concrete installer-harm signals were identified in this version. No lifecycle hooks fetching remote payloads, no credential or environment scrapin...
Malicious code in node-env-resolver-aws (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a4d561f58633262592e17233481bba8398f047eb830948370396c51b6d952c90 No concrete installer-harm signals were identified in this version of the package. Coverage of the package contents was partial, so a human reviewer...
Malicious code in mountly (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a392e66eff4da37e5adbd5288c1bb8da03c5348cfafacfa54aa113321e81dec5 The package was found to contain malicious code or consuming dependency that contains malicious code Source: google-open-source-security...
Malicious code in @forjacms/client (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2e53cc7a866c8a2316aec94a20aa737e6bdb4a71202c0f363e301219ae1291ac The package was found to contain malicious code or consuming dependency that contains malicious code Source: google-open-source-security...
Malicious code in mountly-tailwind (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e398eaa72f57a4536d3bb3c64f27de01f4a1d91cf64c65f10b8949dcfb4cfb91 The package was found to contain malicious code or consuming dependency that contains malicious code Source: google-open-source-security...
Malicious code in github-archiver (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f4d8f3a21af0a31a899de9e8eabd09e30c6e05e620ab3a7d7af420c34214898b The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in @forjacms/sections (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1c21dd7e7453f68aa7240f5ec40de3a37683b0a9655d0218a094c528e042766f The package was found to contain malicious code or consuming dependency that contains malicious code Source: google-open-source-security...
Malicious code in awaitly-libsql (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b990b0b3ddf0eb2fbfe64fc70090459960085e3268df5cbdd1a86f958f69448e No concrete installer-harm signals were identified in this package version. The package name combines 'awaitly' and 'libsql' a well-known SQLite-fork...
Malicious code in autotel-plugins (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 54f7a26d9e1681241d44bb8a37e06156508af068e0f594ae58ce4ed3a2caa94c The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in awaitly-postgres (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3015c3afc4f26f62482274726cb1ce34f803abd4b7e84a6eb7e0c802e8c8b7df The package was found to contain malicious code or consuming dependency that contains malicious code Source: google-open-source-security...
Malicious code in @contaazul/n8n-nodes-contaazul (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3fba5858825a845f02388990e34281d89dac395b6414e89c12c556d3fe0d7c45 The package was found to contain malicious code or consuming dependency that contains malicious code Source: google-open-source-security...
Malicious code in autotel (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 921a045507925f9accff44927ec74588991f03dd291a3ae95cdc9919523ed800 Pattern matches fired on co-occurrence of the strings 'ping', 'POST', and 'hostname' in the package's bundled and source files dist/chunk-.cjs,...
Malicious code in create-cf-token (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 56d9884f6d63e063d1320b8d8efbfb8852f00bd3c18c87b03b445f6978897570 The package was found to contain malicious code or consuming dependency that contains malicious code Source: google-open-source-security...
Malicious code in discord-search (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1588cbceb5959b1a1b9e22d2b54d3d67e6bac9c8be4538df23f809772e4a9850 The package was found to contain malicious code or consuming dependency that contains malicious code Source: google-open-source-security...
Malicious code in autotel-hono (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e5d4817f36d8b16c1ecf07488650333e0cf46bf1b5f45a1a9f15079575424225 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...