
42 matches found

OSV
added 2026/05/28 12:0 a.m., 2 views

MAL-2026-4896 Malicious code in @cloudplatform-single-spa/cloud-dns (npm)

Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...

5.8 AI score
Exploits 0, References 2
OSV
added 2026/05/28 12:0 a.m., 3 views

MAL-2026-5024 Malicious code in @mlspace/model-registry (npm)

Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...

5.8 AI score
Exploits 0, References 1
OSV
added 2026/05/28 12:0 a.m., 3 views

MAL-2026-5009 Malicious code in @fb-deposit/form-savings-account (npm)

Part of a dependency confusion attack campaign targeting the @car-loans, @fb-deposit, and @debit-ib npm scopes. The attacker npm user pik-libs published 25 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version resolution,...

5.8 AI score
Exploits 0, References 1
OSSF Malicious Packages
added 2026/05/28 12:0 a.m., 6 views

Malicious code in @cloudplatform-single-spa/anti-ddos (npm)

Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...

5.8 AI score
Exploits 0, References 1
OSV
added 2026/05/28 12:0 a.m., 3 views

MAL-2026-4994 Malicious code in @cloudplatform-single-spa/vcenter-manager (npm)

Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...

5.8 AI score
Exploits 0, References 1
OSSF Malicious Packages
added 2026/05/22 10:25 a.m., 8 views

Malicious code in finkrouter (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ff852ad2ff69ee287dd37d79ea134314ffca73772068117b819495250ff401f3 The package ships a single heavily-obfuscated cli.obf.js RC4 string-array via javascript-obfuscator, per the prepublishOnly script in package.json...

5.8 AI score
Exploits 0, References 1
OSV
added 2026/05/21 8:19 a.m., 3 views

MAL-2026-4373 Malicious code in @budetzz/libsignal-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c2dbcccc761971dfc5f844f59f362fe32ee1e0b9a3cd91ddd4fc87be5c8b013a The package is published under the name @budetzz/libsignal-node, impersonating the well-known libsignal Signal-protocol library, but the homepage and...

5.9 AI score
Exploits 0, References 1
OSSF Malicious Packages
added 2026/05/20 2:11 p.m., 7 views

Malicious code in @budetzz/baileys (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c79c7b873a8ea61831fdfd7b987de0efbf8944d2fd407a8dca4b70042a3d029c This package is a republished fork of @whiskeysockets/baileys that adds two undocumented network behaviors. 1 lib/Socket/newsletter.js line 111...

5.8 AI score
Exploits 0, References 4
GithubExploit
added 2026/04/14 12:45 p.m., 64 views

Windows-privilege-exploits

Elevation !Windowshttps://img.shields.io/badge/platform-Wi...

5.8 AI score
Exploits 0
The Hacker News
added 2026/02/02 11:59 a.m., 27 views

⚡ Weekly Recap: Proxy Botnet, Office Zero-Day, MongoDB Ransoms, AI Hijacks & New Threats

Every week brings new discoveries, attacks, and defenses that shape the state of cybersecurity. Some threats are stopped quickly, while others go unseen until they cause real damage. Sometimes a single update, exploit, or mistake changes how we think about risk and protection. Every incident show...

9.9 CVSS, 9.5 AI score, 0.86967 EPSS
Exploits 59
The Hacker News
added 2025/12/18 1:10 p.m., 14 views

ThreatsDay Bulletin: WhatsApp Hijacks, MCP Leaks, AI Recon, React2Shell Exploit and 15 More Stories

This week's ThreatsDay Bulletin tracks how attackers keep reshaping old tools and finding new angles in familiar systems. Small changes in tactics are stacking up fast, and each one hints at where the next big breach could come from. From shifting infrastructures to clever social hooks, the week'...

10 CVSS, 7.2 AI score, 0.84541 EPSS
Exploits 361
OSV
added 2025/11/24 11:4 p.m., 2 views

MAL-2025-191059 Malicious code in @trigo/atrix-swagger (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 86c35c2f73646bcb572d5c9cc85d640fb8acdd21da4582946a069f92f2c146d7 The package @trigo/atrix-swagger was found to contain malicious code. Source: ghsa-malware...

6.8 AI score
Exploits 0, References 4
OSSF Malicious Packages
added 2025/11/12 4:47 p.m., 2 views

Malicious code in alfiansyah-poke29 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6768a38c49c9f186d0feab6f2b5a40a969afb12c440477b73c5704bf6e1d3ed4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9 AI score
Exploits 0
OSSF Malicious Packages
added 2025/11/12 4:47 p.m., 2 views

Malicious code in teagood-yakuza70 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6bb8da1e71e69db45bbd262eb7e34d25a1477f0452d2031c22a28e84aa02847b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9 AI score
Exploits 0
OSSF Malicious Packages
added 2025/11/11 8:46 p.m., 2 views

Malicious code in oktafian-enting36-riris (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 831f8feb97b2a9091fbe44b65921ab9ae631c988c2846cd611448cb623b8cb82 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9 AI score
Exploits 0
OSSF Malicious Packages
added 2025/11/11 7:16 a.m., 1 views

Malicious code in hadianto-serimuka57-ruro (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 71cbd497adbb4dd7ce31fbfd7dbd258efc4c7a4eed73ddf2fc6d7de6da4d0935 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9 AI score
Exploits 0
OSV
added 2025/11/11 4:25 a.m., 1 views

MAL-2025-85174 Malicious code in erwin-ketan77-riris (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f53bbf036568c35e37427c92c474dab6d78591f588ff19a2442ed4d87d7b0255 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8 AI score
Exploits 0
OSSF Malicious Packages
added 2025/11/11 12:17 a.m., 2 views

Malicious code in kurniawan-sambel81-sluey (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8ddde2e352295ff10b50b01c6284c68bec92ba167c49d6e47902ddd673ccc5ee This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9 AI score
Exploits 0
HackRead
added 2025/10/24 10:54 a.m., 6 views

Baohuo Android Malware Hijacks Telegram Accounts via Fake Telegram X

New Android malware Baohuo hijacks Telegram X accounts, stealing data and controlling chats. Over 58,000 devices infected, mainly in India and Brazil...

7 AI score
Exploits 0
Cvelist
added 2025/08/26 4:45 p.m., 4 views

CVE-2025-1494 IBM Cognos Command Center clickjacking

IBM Cognos Command Center 10.2.4.1 and 10.2.5 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attack...

6.1 CVSS, 0.0004 EPSS
Exploits 0, References 1