Storm-2561 Uses Fake Fortinet, Ivanti VPN Sites to Drop Hyrax Infostealer

In mid-January 2026, Microsoft Defender Experts identified a devious way that cybercriminals are tricking people into giving away…...

Malicious code in @malware-test-thraw-hyrax-gapes-maaed/test-mlw3-thraw-hyrax-gapes-maaed (npm)

The package @malware-test-thraw-hyrax-gapes-maaed/test-mlw3-thraw-hyrax-gapes-maaed was found to contain malicious code...

OPeNDAP BES压缩文件远程命令执行漏洞

OPeNDAP是一款帮助研究者在不同格式中交换数据集的应用软件。 OPeNDAP服务程序的BES守护进程存在安全问题，远程攻击者可以利用漏洞以应用程序进程权限执行任意代码。 攻击者可以发送特殊构建的压缩文件给受影响的服务器程序，导致BES守护程序在过滤压缩文件中的数据时出现问题而执行任意代码。 OPeNDAP Hyrax 1.2 OPeNDAP BES 3.4.2 + OPeNDAP Hyrax 1.2 升级程序： OPeNDAP BES 3.4.2 OPeNDAP bes-3.5.0.tar.gz...

OPeNDAP filesystem enumeration vulnerability

Overview The OPeNDAP server version 4 contains a file enumeration vulnerability. This vulnerability may allow an attacker to enumerate filesystem contents. Description OPeNDAP is a software package designed to help researchers exchange data sets that are stored in different formats. The most rece...