449 matches found
MAL-2026-6678 Malicious code in ts-linting-builder (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c719aef78218f6b59b9f209c41eff610782c86c2ced5aeabe288218ac3c4f880 On npm install, the package's postinstall script test.js invokes routines in index.js that recursively scan the current working directory and the...
Canada’s Spy Agency Used First-of-Its-Kind Warrant to Clean Botnet-Infected Devices
Canada's spy service got a judge's permission to reach into infected servers, home routers, and IoT gear sitting on Canadian soil and neutralize two foreign-run botnets. The Federal Court released a public version of the ruling on June 15. It is the first time the Canadian Security Intelligence...
Security Bulletin: XcodeGhost iOS malware
Question Security Bulletin: XcodeGhost iOS malware "Business Unit":"code":"BU059","label":"IBM Software w/o TPS","Product":"code":"SS8NDZ","label":"IBM Aspera","Component":"","Platform":"code":"PF025","label":"Platform Independent","Version":"All Versions","Edition":"","Line of...
Pirated PC games are delivering password-stealing malware
A new Windows malware campaign hides inside pirated PC games and modified installers for franchises like Far Cry, Need for Speed, FIFA, and Assassin’s Creed. Researchers estimate that more than 400,000 devices worldwide have been infected, with around 30,000 users in the US. The infection method ...
Malicious code in executor-engine (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7fee580000475783e657a2e66ca6a4a4bd4369aa0bc9f87152b003dca6f34848 executor-engine 0.3.4 ships a malicious site-packages.pth file executorengine-setup.pth that Python's site initialization auto-executes on every...
Malicious code in nucbox (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0357c6b685cea74f9200e3e7df019e807e34eac6518ec83f1a5a654c35d97959 The package was found to contain malicious code or consuming dependency that contains malicious code Source: kam193...
Malicious code in executor-http (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cde4da7201fbc0dd3ae09240232f5767c2893e33977d6c8ee9071d15e79f0363 The package ships executorhttp-setup.pth, which Python auto-loads at interpreter start for any environment where the package is installed. The.pth fi...
Malicious code in orchestr8-platform (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7d9526ae43236ac15964b307175384455975ace26d8157ef3c41ed8db8192562 The package was found to contain malicious code or consuming dependency that contains malicious code Source: kam193...
MAL-2026-5296 Malicious code in magique (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b441b436c1f6aeba65c2af68c71655ed5aac95b0eb2ae4c402fc090c475ba887 The package was found to contain malicious code or consuming dependency that contains malicious code Source: kam193...
MAL-2026-5324 Malicious code in pyphetools (PyPI)
The package pyphetools version 0.9.120 contains a malicious .pth file pyphetools-setup.pth that executes a Bun-based credential stealer on every Python startup via CPython's site.py exec mechanism. The payload downloads the Bun runtime from the official GitHub release page, then runs an obfuscate...
MAL-2026-5280 Malicious code in bramin (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1fb2ac40fcb4626c5e7dea5e26951bc0965b39a1eb721c1a8f23846f421a5827 bramin ships a bramin-setup.pth file that Python auto-executes at every interpreter startup system-wide, not only when bramin is imported. The.pth...
MAL-2026-5319 Malicious code in mem8 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5c765c6eef25d18c5a10057d62908ac3bc1ece86e39a9807683834fb7f896b52 The package was found to contain malicious code or consuming dependency that contains malicious code Source: kam193...
MAL-2026-5278 Malicious code in spateo-release (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 21400e8510d0663de6c3a4454fe99d9200cb83ae8d1ecdc137c99f3668da4293 Versions 1.1.2 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed using B...
MAL-2026-5281 Malicious code in executor-http (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cde4da7201fbc0dd3ae09240232f5767c2893e33977d6c8ee9071d15e79f0363 The package ships executorhttp-setup.pth, which Python auto-loads at interpreter start for any environment where the package is installed. The.pth fi...
An Analysis of Attack Vectors against FIDO2 Authentication
Phishing attacks remain one of the most prevalent threats to online security, with the Anti-Phishing Working Group reporting over 890,000 attacks in Q3 2025 alone. Traditional password-based authentication is particularly vulnerable to such attacks, prompting the development of more secure...
Malicious code in @spoonflower/ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e29845a092ba3a019d35adbb88e7fb15512c600cb11fceab06cb845fca75dbd2 The package @spoonflower/ui was found to contain malicious code. Source: ghsa-malware 68f97ac64dba33bf11aa1a9ae810a78f7fb21470e2ccce80e8975cc56d012a7...
Embedded Malicious Code
Overview @emilgroup/gdv-sdk-node is an A new version of the package Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised as the result of Trivy's GitHub Actions compromise and a malicious versions were released on NPM...
Hundreds of Millions of iPhones Can Be Hacked With a New Tool Found in the Wild
A powerful iPhone-hacking technique known as DarkSword has been discovered in use by Russian hackers. It can take over devices running iOS 18 that simply visit infected websites...
Malicious code in vitest-globals (npm)
The package 'vitest-globals' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server npm.jpartifacts.co...
Feds Takes Down SocksEscort Proxy Network Used in Global Fraud Schemes
European and US agencies dismantled the SocksEscort proxy network built on infected routers and used by cybercriminals in global fraud schemes...