Malicious code in platform-tempo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6d1c69e098c3ebeb2876b746523bea0220034b429f58e0a55683f0ee2c8776cd [email protected] declares a preinstall hook that runs poc.js on every npm install. The script collects host identity os.hostname, whoami /all /...

Malicious code in search-connector-template (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 24aea8e5a7338c49dc96e3945ed4d695024c2e169f560e6f3426005ca4666ea4 package.json declares preinstall: node index.js, which fires automatically on npm install. index.js collects host identity hostname, username, homedi...

Malicious code in zest-product (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c9081ad708b658c1bd56299e401ca6a764cc9137d99573bc922d38a7381cc30d On npm install, postinstall.js collects host identity and environment data os.hostname, username, process.cwd, process.env values, plus shelled-out...

Malicious code in @aiscene/aiserver (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 542fdb1c23b52adda0ed5164b65c9768aef7a5edd45473f9cd3ceab3065b1bb3 When the installed aiserver tool is started via its bin, npm start, or loading dist/index.js, it registers the host with a hardcoded remote controlle...

Improper Verification of Cryptographic Signature

Overview bsv-wallet is an Implements the BRC-100 standard wallet-to-application interface for the BSV Blockchain. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the acquirecertificate function. An attacker can persist forged certificate...

EUVD-2025-209288

An insufficient granularity of access control vulnerability exists in PingIDM formerly ForgeRock Identity Management where administrators cannot properly configure access rules for Remote Connector Servers RCS running in client mode. This means attackers can spoof a client-mode RCS if one exists ...

CVE-2025-20628

An insufficient granularity of access control vulnerability exists in PingIDM formerly ForgeRock Identity Management where administrators cannot properly configure access rules for Remote Connector Servers RCS running in client mode. This means attackers can spoof a client-mode RCS if one exists ...

PingIdentity PingIDM 安全漏洞

PingIdentity PingIDM is an identity data management platform provided by the American company PingIdentity. There is a security vulnerability in PingIdentity PingIDM, which stems from insufficient access control granularity. This vulnerability could allow attackers to intercept or modify...

PT-2026-31046

An insufficient granularity of access control vulnerability exists in PingIDM formerly ForgeRock Identity Management where administrators cannot properly configure access rules for Remote Connector Servers RCS running in client mode. This means attackers can spoof a client-mode RCS if one exists ...

Malicious NuGet Packages Stole ASP.NET Data; npm Package Dropped Malware

Cybersecurity researchers have discovered four malicious NuGet packages that are designed to target ASP.NET web application developers to steal sensitive data. The campaign, discovered by Socket, exfiltrates ASP.NET Identity data, including user accounts, role assignments, and permission mappings...

CVE-2026-23687

SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered identity information, unauthorized access to sensitive...

CVE-2026-23687 XML Signature Wrapping in SAP NetWeaver AS ABAP and ABAP Platform

SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered identity information, unauthorized access to sensitive...

dcap-qvl data falsification vulnerability

dcap-qvl is a confidential computing development library open source by Phala. Versions of dcap-qvl prior to 0.3.9 contained a data falsification vulnerability. This vulnerability stemmed from critical flaws in the encryption verification process, which could allow attackers to forge QE identity...

Microsoft Security success stories: Why integrated security is the foundation of AI transformation

AI is transforming how organizations operate and how they approach security. In this new era of agentic AI, every interaction, digital or human, must be built on trust. As businesses modernize, they’re not just adopting AI tools, they're rearchitecting their digital foundations. And that means...

In 2025, age checks started locking people out of the internet

If 2024 was the year lawmakers talked about online age verification, 2025 was the year they actually flipped the switch.​ In 2025, across parts of Europe and the US, age checks for certain websites especially pornography turned long‑running child‑protection debates into real‑world access controls...

CVE-2025-36460

Multiple out-of-bounds read and write vulnerabilities exist in the ControlVault WBDI Driver Broadcom Storage Adapter functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted WinBioControlUnit call can lead to memory corruption. An...

CVE-2025-36460 Dell ControlVault3 ControlVault WBDI Driver Broadcom Storage Adapter out-of-bounds write vulnerability

Multiple out-of-bounds read and write vulnerabilities exist in the ControlVault WBDI Driver Broadcom Storage Adapter functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted WinBioControlUnit call can lead to memory corruption. An...

CVE-2023-0014

SAP NetWeaver ABAP Server and ABAP Platform - versions SAPBASIS 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, KERNEL 7.22, 7.53, 7.77, 7.81, 7.85, 7.89, KRNL64UC 7.22, 7.22EXT, 7.53, KRNL64NUC 7.22, 7.22EXT, creates information about system identity in an ambiguo...

E-Crime Rapper ‘Punchmade Dev’ Debuts Card Shop

The rapper and social media personality Punchmade Dev is perhaps best known for his flashy videos singing the praises of a cybercrime lifestyle. With memorable hits such as "Internet Swiping" and "Million Dollar Criminal" earning millions of views, Punchmade has leveraged his considerable followi...

LDAP Active Directory - domainDNS Enumeration

Binary data ldapenumdomaindns.nbin...