4 matches found
MAL-2026-4149 Malicious code in onfire.js (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the CEL-based HTTP functions. An attacker can make unauthorized network requests to internal or external resources and exfitrate sensitive information AWS IAM credentials, GCP tokens by crafting...
CVE-2026-2244
Summary: CVE-2026-2244 affects Google Cloud Vertex AI Workbench. A vulnerability existed from 2025-07-21 to 2026-01-30 that allowed an attacker to exfiltrate valid Google Cloud access tokens of other users by abusing a built-in startup script. The exposure could enable unauthorized access to toke...
Google Cloud Vertex AI Workbench 安全漏洞
Google Cloud Vertex AI Workbench is a cloud-based integrated development environment provided by Google, Inc. There is a security vulnerability in Google Cloud Vertex AI Workbench, which allows attackers to exploit the built-in startup scripts to steal valid Google Cloud access tokens from other...