A week in security (June 22 – June 28)
Last week on Malwarebytes Labs: Malware steals Chrome session cookies to take over your accounts; Beware of "Parcel Expert" job offers: They’re parcel mule scams; Update Chrome to patch critical browser security flaws; Fake domain renewal emails trick website owners into paying scammers; Elite networ...
MAL-2026-6580 Malicious code in loadutils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 31f1f1f6292d782062f6fff1f7422d9f1dc0eb1572e4372d6c0d574ccea3ab3a Package loadutils is a typosquat of the widely-used webpack helper loader-utils. The shipped README documents the loader-utils API urlToRequest,...
EUVD-2026-40025
A vulnerability was found in YunaiV/zhijiantianya ruoyi-vue-pro up to 2026.04-jdk8-SNAPSHOT. The impacted element is the function generateUploadPath of the file yudao-module-infra/src/main/java/cn/iocoder/yudao/module/infra/service/file/FileServiceImpl.java of the component AppFileController File...
MAL-2026-6583 Malicious code in pino-debugging (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2f34694171d099a29f77430359b02afb82c2333967feb1ec6e0bd845b98244b9 Package name impersonates the legitimate pino-debug. The main entry index.js requires a transitive dependency 'loadutils' that pulls a further...
hwpoc
Vulnerability Database for Intrusion Prevention Systems This...
kernel: selinux: fix overlayfs mmap() and mprotect() access checks
A flaw was found in the Linux kernel's SELinux security module when handling overlayfs. The existing security model for overlayfs does not properly enforce access controls for mmap and mprotect operations. This oversight could allow a local attacker to bypass intended security policies, potential...
kernel: RDMA/vmw_pvrdma: Fix double free on pvrdma_alloc_ucontext() error path
A flaw was found in the Linux kernel, specifically within the RDMA (Remote Direct Memory Access) vmw_pvrdma module. This vulnerability is a double free, which means the system attempts to release the same memory resource twice. This can occur in an error handling path within the pvrdma_alloc_ucontext...
MAL-2026-6582 Malicious code in openai-agents-helpers (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5e4548469fa226a98c951c174e9fcd08b92b9329c96ddb98f5c930c0f6224b5e On npm install, scripts/postinstall.js reads installer-side identity and cloud-context data from the host and uploads it via HTTPS POST to a hardcode...
MAL-2026-6581 Malicious code in ollama-helpers (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 52323ef2a3908b7db1565ae149128d053363ab2612c7bc3a938c3f2d63c285cf scripts/postinstall.js executes automatically on npm install and performs a bulk harvest of installer-side identity and configuration data: OS hostna...
MAL-2026-6564 Malicious code in @thone33/core-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 05561d1a31165dab72c5090437ccfa7a85035a2b4fdf6a646eca59b62dd87120 @thone33/core-utils 1.0.4 is a loader stub. Its main entry index.js imports activate from the same-author dependency @thone33/analytics-injector and...
Important: Red Hat Security Advisory: perl:5.32 security update
An update for the perl:5.32 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
perl-archive-tar: perl-archive-tar: Path traversal via crafted symlinks allows arbitrary file access
A flaw was found in perl-Archive-Tar. Versions before 3.08 for Perl are vulnerable to a path traversal issue. An attacker can craft a malicious tar archive containing symlinks with targets outside the intended extraction directory. This vulnerability allows the attacker to read or write to...
perl-IO-Compress: perl-IO-Compress: Arbitrary code execution via attacker-controlled output glob
A flaw was found in perl-IO-Compress, a component used for data compression and decompression. A remote attacker could exploit this vulnerability by crafting a malicious input, specifically an output glob, that bypasses the intended security measures. This could lead to the execution of...
Important: Red Hat Security Advisory: perl-Archive-Tar security update
An update for perl-Archive-Tar is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerabili...
Malicious code in express-mocha-test (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 01d87351be0d9f68d73ec05867e55fe5712d4885fa76c70c5ec9b003ef512825 [email protected] declares a postinstall lifecycle hook that loads the package's main module, which calls fetch against an anonymous...