Malicious code in nucbox (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e98ac1a9b5840905b608a09e8e66c73b750c0baa17d6b7789adfc94a8fd815e4 Versions 0.1.2, 0.1.3 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed...

Malicious code in executor-http (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4396c593615517f1abf374bf3621ad44a9d0b5c540aaf8c8e101cd4954f7d7be Versions 0.1.3, 0.1.4 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed...

MAL-2026-5281 Malicious code in executor-http (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4396c593615517f1abf374bf3621ad44a9d0b5c540aaf8c8e101cd4954f7d7be Versions 0.1.3, 0.1.4 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed...

An Analysis of Attack Vectors against FIDO2 Authentication

Phishing attacks remain one of the most prevalent threats to online security, with the Anti-Phishing Working Group reporting over 890,000 attacks in Q3 2025 alone. Traditional password-based authentication is particularly vulnerable to such attacks, prompting the development of more secure...

Malicious code in @spoonflower/ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e29845a092ba3a019d35adbb88e7fb15512c600cb11fceab06cb845fca75dbd2 The package @spoonflower/ui was found to contain malicious code. Source: ghsa-malware 68f97ac64dba33bf11aa1a9ae810a78f7fb21470e2ccce80e8975cc56d012a7...

Embedded Malicious Code

Overview @emilgroup/gdv-sdk-node is an A new version of the package Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised as the result of Trivy's GitHub Actions compromise and a malicious versions were released on NPM...

Hundreds of Millions of iPhones Can Be Hacked With a New Tool Found in the Wild

A powerful iPhone-hacking technique known as DarkSword has been discovered in use by Russian hackers. It can take over devices running iOS 18 that simply visit infected websites...

Malicious code in vitest-globals (npm)

The package 'vitest-globals' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server npm.jpartifacts.co...

Feds Takes Down SocksEscort Proxy Network Used in Global Fraud Schemes

European and US agencies dismantled the SocksEscort proxy network built on infected routers and used by cybercriminals in global fraud schemes...

Internet Malware Propagation: Dynamics and Control through SEIRV Epidemic Model with Relapse and Intervention

Malware attacks in today's vast digital ecosystem pose a serious threat. Understanding malware propagation dynamics and designing effective control strategies are therefore essential. In this work, we propose a generic SEIRV model formulated using ordinary differential equations to study malware...

Malicious code in claud-code (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 858992810c1a4133d95b6fa19033c07591db548a46df39b67e0d393d7dd212ad The package claud-code was found to contain malicious code. Source: ghsa-malware 5fe9842d778d45ad5b5e4d81db678d608711dd4b186e053569dae6f210481651 Any...

Researchers Null-Route Over 550 Kimwolf and Aisuru Botnet Command Servers

The Black Lotus Labs team at Lumen Technologies said it null-routed traffic to more than 550 command-and-control C2 nodes associated with the AISURU/Kimwolf botnet since early October 2025. AISURU and its Android counterpart, Kimwolf, have emerged as some of the biggest botnets in recent times,...

Kimwolf Botnet Hijacks 1.8 Million Android TVs, Launches Large-Scale DDoS Attacks

A new distributed denial-of-service DDoS botnet known as Kimwolf has enlisted a massive army of no less than 1.8 million infected devices comprising Android-based TVs, set-top boxes, and tablets, and may be associated with another botnet known as AISURU, according to findings from QiAnXin XLab...

Microsoft Mitigates Record 15.72 Tbps DDoS Attack Driven by AISURU Botnet

Microsoft on Monday disclosed that it automatically detected and neutralized a distributed denial-of-service DDoS attack targeting a single endpoint in Australia that measured 15.72 terabits per second Tbps and nearly 3.64 billion packets per second pps. The tech giant said it was the largest DDo...

EUVD-2025-91074

Malicious code in injuredlarkz3n npm...

MAL-2025-102925 Malicious code in fresh_viper_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0c6dfd7a0e721dba0b4778e856a2a8ea442197478a012cd9bec802c57f505074 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Mozilla Firefox Code Execution Vulnerability (CNVD-2025-26886)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a code execution vulnerability that is caused by the use of a WebGPU internal release triggered by an infected child process. An attacker could exploit the vulnerability to...

MAL-2025-49090 Malicious code in quantum-packages (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 144aa1474c1b5043966e321c81c29f0fae41f764e0948ee5491baa14a08563b1 The package quantum-packages was found to contain malicious code. Source: ghsa-malware 615e247f6ecd82d6ec0aacb0855b7a222aef75c2834a024b3b99ee38c2e7fb...

Mozilla Firefox 安全漏洞

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a code execution vulnerability that is caused by the use of a WebGPU internal release triggered by an infected child process. An attacker could exploit the vulnerability to...

Baohuo Android Malware Hijacks Telegram Accounts via Fake Telegram X

New Android malware Baohuo hijacks Telegram X accounts, stealing data and controlling chats. Over 58,000 devices infected, mainly in India and Brazil...