
42 matches found

OSV
added 2026/06/17 4:41 a.m., 5 views

MAL-2026-5986 Malicious code in npm-sandbox-ping-r9t2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 335649d395a44d7de1bc6343dbce1f0459414ef92ab149413a86b47e28f3c7c3 package.json declares a postinstall hook "postinstall": "node run.js" that auto-executes on install. The package ships beacon scripts beacon14.js,...

5.7 AI score
Exploits: 0, References: 2
The Hacker News
added 2026/06/11 1:20 p.m., 11 views

ThreatsDay Bulletin: Worm Code Leaked, AI Agent Phished, Claude Code Patch + 28 New Stories

It's been one of those weeks. You expect the usual noise: recycled malware, sloppy attacks, another easy target getting hit. Instead, there's a supply chain attack kit in a public repo, a $5,000-a-month RAT that clones browsers, and research showing AI agents can be tricked into leaking real...

8.7 CVSS, 6.9 AI score, 0.00542 EPSS
Exploits: 0
Vulnrichment
added 2026/06/09 12:20 a.m., 7 views

CVE-2026-44748 XML Signature Wrapping in SAML Authentication in SAP NetWeaver AS ABAP and ABAP Platform

SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered identity information leading to unauthorized access to...

9.9 CVSS, 5.4 AI score, 0.00231 EPSS
Exploits: 0, References: 2
EUVD
added 2026/06/09 12:20 a.m., 9 views

EUVD-2026-35283

SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered identity information leading to unauthorized access to...

9.9 CVSS, 5.5 AI score, 0.00231 EPSS
Exploits: 0, References: 2
Positive Technologies
added 2026/06/09 12:0 a.m., 12 views

PT-2026-47534

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Application Server ABAP and ABAP Platform (affected versions not specified). Description: An authenticated attacker with normal privileges can obtain a valid signed message and send modified signed XML documents to the verifier. This...

9.9 CVSS, 5.4 AI score, 0.00231 EPSS
Exploits: 0, References: 21
RedhatCVE
added 2026/06/05 7:41 p.m., 7 views

CVE-2025-20628

An insufficient granularity of access control vulnerability exists in PingIDM (formerly ForgeRock Identity Management) where administrators cannot properly configure access rules for Remote Connector Servers (RCS) running in client mode. This means attackers can spoof a client-mode RCS if one exists ...

9.1 CVSS, 5.5 AI score, 0.00237 EPSS
Exploits: 0, References: 1
OSSF Malicious Packages
added 2026/05/25 2:15 p.m., 16 views

Malicious code in platform-tempo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6d1c69e098c3ebeb2876b746523bea0220034b429f58e0a55683f0ee2c8776cd [email protected] declares a preinstall hook that runs poc.js on every npm install. The script collects host identity os.hostname, whoami /all /...

5.8 AI score
Exploits: 0, References: 1
OSSF Malicious Packages
added 2026/05/21 9:0 p.m., 13 views

Malicious code in search-connector-template (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 24aea8e5a7338c49dc96e3945ed4d695024c2e169f560e6f3426005ca4666ea4 package.json declares preinstall: node index.js, which fires automatically on npm install. index.js collects host identity hostname, username, homedi...

5.9 AI score
Exploits: 0, References: 1
OSSF Malicious Packages
added 2026/05/21 12:47 p.m., 10 views

Malicious code in zest-product (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c9081ad708b658c1bd56299e401ca6a764cc9137d99573bc922d38a7381cc30d On npm install, postinstall.js collects host identity and environment data os.hostname, username, process.cwd, process.env values, plus shelled-out...

5.8 AI score
Exploits: 0, References: 3
OSSF Malicious Packages
added 2026/05/14 6:32 p.m., 13 views

Malicious code in @aiscene/aiserver (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5afe7de709fb18909451ff49a02f133f248fb0dc0688709251c924038effc6dc On load, dist/index.js unconditionally instantiates new AIServer and calls server.start at module top level no require.main === module guard, so simp...

6.4 AI score
Exploits: 0, References: 6
Snyk
added 2026/04/09 7:11 p.m., 6 views

Improper Verification of Cryptographic Signature

Overview: bsv-wallet implements the BRC-100 standard wallet-to-application interface for the BSV Blockchain. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the acquirecertificate function. An attacker can persist forged certificate...

8.6 CVSS, 5.9 AI score, 0.00135 EPSS
Exploits: 1, References: 2
EUVD
added 2026/04/08 12:30 a.m., 4 views

EUVD-2025-209288

An insufficient granularity of access control vulnerability exists in PingIDM (formerly ForgeRock Identity Management) where administrators cannot properly configure access rules for Remote Connector Servers (RCS) running in client mode. This means attackers can spoof a client-mode RCS if one exists ...

9.1 CVSS, 5.9 AI score, 0.00237 EPSS
Exploits: 0, References: 3
NVD
added 2026/04/07 11:16 p.m., 4 views

CVE-2025-20628

An insufficient granularity of access control vulnerability exists in PingIDM (formerly ForgeRock Identity Management) where administrators cannot properly configure access rules for Remote Connector Servers (RCS) running in client mode. This means attackers can spoof a client-mode RCS if one exists ...

9.1 CVSS, 0.00237 EPSS
Exploits: 0, References: 2
CNNVD
added 2026/04/07 12:0 a.m., 4 views

PingIdentity PingIDM security vulnerability

PingIdentity PingIDM is an identity data management platform provided by the American company PingIdentity. There is a security vulnerability in PingIdentity PingIDM, which stems from insufficient access control granularity. This vulnerability could allow attackers to intercept or modify...

9.1 CVSS, 5.8 AI score, 0.00237 EPSS
Exploits: 0, References: 2
Positive Technologies
added 2026/04/07 12:0 a.m., 5 views

PT-2026-31046

An insufficient granularity of access control vulnerability exists in PingIDM (formerly ForgeRock Identity Management) where administrators cannot properly configure access rules for Remote Connector Servers (RCS) running in client mode. This means attackers can spoof a client-mode RCS if one exists ...

9.1 CVSS, 5.9 AI score, 0.00237 EPSS
Exploits: 0, References: 4
The Hacker News
added 2026/02/25 12:43 p.m., 8 views

Malicious NuGet Packages Stole ASP.NET Data; npm Package Dropped Malware

Cybersecurity researchers have discovered four malicious NuGet packages that are designed to target ASP.NET web application developers to steal sensitive data. The campaign, discovered by Socket, exfiltrates ASP.NET Identity data, including user accounts, role assignments, and permission mappings...

6.3 AI score
Exploits: 0
OSV
added 2026/02/10 4:16 a.m., 3 views

CVE-2026-23687

SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered identity information, unauthorized access to sensitive...

8.8 CVSS, 5.8 AI score, 0.00464 EPSS
Exploits: 1, References: 2
Vulnrichment
added 2026/02/10 3:2 a.m., 3 views

CVE-2026-23687 XML Signature Wrapping in SAP NetWeaver AS ABAP and ABAP Platform

SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered identity information, unauthorized access to sensitive...

8.8 CVSS, 5.5 AI score, 0.00464 EPSS
Exploits: 1, References: 2
CNNVD
added 2026/01/26 12:0 a.m., 7 views

dcap-qvl data falsification vulnerability

dcap-qvl is a confidential computing development library open-sourced by Phala. Versions of dcap-qvl prior to 0.3.9 contained a data falsification vulnerability. This vulnerability stemmed from critical flaws in the encryption verification process, which could allow attackers to forge QE identity...

9.3 CVSS, 5.8 AI score, 0.00208 EPSS
Exploits: 0, References: 1
Microsoft Secure
added 2026/01/22 5:0 p.m., 6 views

Microsoft Security success stories: Why integrated security is the foundation of AI transformation

AI is transforming how organizations operate and how they approach security. In this new era of agentic AI, every interaction, digital or human, must be built on trust. As businesses modernize, they’re not just adopting AI tools, they're rearchitecting their digital foundations. And that means...

5.6 AI score
Exploits: 0