PT-2026-46911

Improper Validation of Specified Quantity in Input vulnerability in ShapedPlugin, LLC Product Slider Pro for WooCommerce allows Malicious Software Implanted. This issue affects Product Slider Pro for WooCommerce: from n/a before 3.5.3. No patched version is available - the vendor has applied a fi...

Malicious code in vectordb-engine (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 42695503b90ec4adc30c038c3321d637f05038f841bcc5f463a16b891fe4e3e0 During pip install, a custom buildext step in src/vectordbenginebuild.py runs an obfuscated payload that performs targeted reconnaissance and...

Malicious code in weavedb-offchain (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d267c34e35dca7091a9ab01d22a9c0a4cfde364531b8017f15f4a09785381198 package.json declares scripts.preinstall: "./.github/scripts/precheck", where precheck is a 976,568-byte stripped Linux ELF binary sha256...

Exploit for CVE-2017-0144

EternalBlue-DoublePulsar-Exploit-Demonstration Cybersecurity l...

MAL-2026-2882 Malicious code in cjs-biginteger (npm)

big.js typosquat campaign - SSH backdoor implantation, credential and crypto wallet theft --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ad18a38aa59b5edbd05dbdf229f4d013446f970fe18b41e54ffc1c24a926d2bd The package cjs-biginteger was found to contain malicious...

coruna-exploit-kit-analysis

Coruna iOS Exploit Kit — Reverse Engineering Analysis Def...

N. Korean Hackers Spread 1,700 Malicious Packages Across npm, PyPI, Go, Rust

The North Korea-linked persistent campaign known as Contagious Interview has spread its tentacles by publishing malicious packages targeting the Go, Rust, and PHP ecosystems. "The threat actor's packages were designed to impersonate legitimate developer tooling ..., while quietly functioning as...

36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants

Cybersecurity researchers have discovered 36 malicious packages in the npm registry that are disguised as Strapi CMS plugins but come with different payloads to facilitate Redis and PostgreSQL exploitation, deploy reverse shells, harvest credentials, and drop a persistent implant. "Every package...

MAL-2026-2277 Malicious code in aiogram-photo-updater (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 62ec906fc563c8e7b6c22bb0dae1e739e6c3d8e24091105a8eafb292dae2f661 When run, the package exfiltrates files from a cryptowallet and modifies its executable placing an implant exfiltrating passphrase later. --- Category: MALICIO...

CVE-2026-32941

Sliver is a command and control framework that uses a custom Wireguard netstack. Versions 1.7.3 and below contain a Remote OOM Out-of-Memory vulnerability in the Sliver C2 server's mTLS and WireGuard C2 transport layer. The socketReadEnvelope and socketWGReadEnvelope functions trust an...

CVE-2026-32941

Sliver is a command and control framework that uses a custom Wireguard netstack. Versions 1.7.3 and below contain a Remote OOM Out-of-Memory vulnerability in the Sliver C2 server's mTLS and WireGuard C2 transport layer. The socketReadEnvelope and socketWGReadEnvelope functions trust an...

CVE-2026-31976

xygeni-action is the GitHub Action for Xygeni Scanner. On March 3, 2026, an attacker with access to compromised credentials created a series of pull requests 46, 47, 48 injecting obfuscated shell code into action.yml. The PRs were blocked by branch protection rules and never merged into the main...

CVE-2026-31976 xygeni-action v5 tag poisoned with C2 backdoor

xygeni-action is the GitHub Action for Xygeni Scanner. On March 3, 2026, an attacker with access to compromised credentials created a series of pull requests 46, 47, 48 injecting obfuscated shell code into action.yml. The PRs were blocked by branch protection rules and never merged into the main...

CVE-2026-31976 xygeni-action v5 tag poisoned with C2 backdoor

xygeni-action is the GitHub Action for Xygeni Scanner. On March 3, 2026, an attacker with access to compromised credentials created a series of pull requests 46, 47, 48 injecting obfuscated shell code into action.yml. The PRs were blocked by branch protection rules and never merged into the main...

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the handling of Protobuf messages within multiple server handlers due to missing nil-pointer validation after unmarshalling. An attacker can cause the server process to terminate unexpectedly by sending a...

Inside a fake Google security check that becomes a browser RAT

A website styled to resemble a Google Account security page is distributing what may be one of the most fully featured browser-based surveillance toolkits we have observed in the wild. Disguised as a routine security checkup, it walks victims through a four-step flow that grants the attacker push...

New threat actor, UAT-9921, leverages VoidLink framework in campaigns

Cisco Talos recently discovered a new threat actor, UAT-9921, leveraging VoidLink in campaigns. Their activities may go as far back as 2019, even without VoidLink. The VoidLink compile-on-demand feature lays down the foundations for AI-enabled attack frameworks, which can create tools on-demand f...

China-Linked DKnife Spyware Hijacking Internet Routers Since 2019

Cisco Talos uncovers DKnife, a China-nexus framework targeting routers and edge devices. Learn how seven stealthy implants hijack data and deliver malware via AitM attacks...

EUVD-2025-206377

The dormakaba registration units 9002 PIN Pad Units have an exposed UART header on the backside. The PIN pad is sending every button press to the UART interface. An attacker can use the interface to exfiltrate PINs. As the devices are explicitly built as Plug-and-Play to be easily replaced, an...

CVE-2025-59109

The dormakaba registration units 9002 PIN Pad Units have an exposed UART header on the backside. The PIN pad is sending every button press to the UART interface. An attacker can use the interface to exfiltrate PINs. As the devices are explicitly built as Plug-and-Play to be easily replaced, an...