Lucene search
+L

449 matches found

OSV
OSV
added 2026/06/30 2:10 p.m.6 views

MAL-2026-6678 Malicious code in ts-linting-builder (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c719aef78218f6b59b9f209c41eff610782c86c2ced5aeabe288218ac3c4f880 On npm install, the package's postinstall script test.js invokes routines in index.js that recursively scan the current working directory and the...

6AI score
Exploits0References2
The Hacker News
The Hacker News
added 2026/06/22 9:11 a.m.29 views

Canada’s Spy Agency Used First-of-Its-Kind Warrant to Clean Botnet-Infected Devices

Canada's spy service got a judge's permission to reach into infected servers, home routers, and IoT gear sitting on Canadian soil and neutralize two foreign-run botnets. The Federal Court released a public version of the ruling on June 15. It is the first time the Canadian Security Intelligence...

6AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/18 5:57 p.m.16 views

Security Bulletin: XcodeGhost iOS malware

Question Security Bulletin: XcodeGhost iOS malware "Business Unit":"code":"BU059","label":"IBM Software w/o TPS","Product":"code":"SS8NDZ","label":"IBM Aspera","Component":"","Platform":"code":"PF025","label":"Platform Independent","Version":"All Versions","Edition":"","Line of...

5.4AI score
Exploits0Affected Software1
Malwarebytes
Malwarebytes
added 2026/06/08 10:53 a.m.48 views

Pirated PC games are delivering password-stealing malware

A new Windows malware campaign hides inside pirated PC games and modified installers for franchises like Far Cry, Need for Speed, FIFA, and Assassin’s Creed. Researchers estimate that more than 400,000 devices worldwide have been infected, with around 30,000 users in the US. The infection method ...

5.7AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/06 6:13 a.m.13 views

Malicious code in executor-engine (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7fee580000475783e657a2e66ca6a4a4bd4369aa0bc9f87152b003dca6f34848 executor-engine 0.3.4 ships a malicious site-packages.pth file executorengine-setup.pth that Python's site initialization auto-executes on every...

5.9AI score
Exploits0References7
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/06 6:13 a.m.16 views

Malicious code in nucbox (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0357c6b685cea74f9200e3e7df019e807e34eac6518ec83f1a5a654c35d97959 The package was found to contain malicious code or consuming dependency that contains malicious code Source: kam193...

6AI score
Exploits0References7
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/06 6:13 a.m.18 views

Malicious code in executor-http (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cde4da7201fbc0dd3ae09240232f5767c2893e33977d6c8ee9071d15e79f0363 The package ships executorhttp-setup.pth, which Python auto-loads at interpreter start for any environment where the package is installed. The.pth fi...

5.7AI score
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/06 6:13 a.m.16 views

Malicious code in orchestr8-platform (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7d9526ae43236ac15964b307175384455975ace26d8157ef3c41ed8db8192562 The package was found to contain malicious code or consuming dependency that contains malicious code Source: kam193...

6AI score
Exploits0References5
OSV
OSV
added 2026/06/06 6:13 a.m.14 views

MAL-2026-5296 Malicious code in magique (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b441b436c1f6aeba65c2af68c71655ed5aac95b0eb2ae4c402fc090c475ba887 The package was found to contain malicious code or consuming dependency that contains malicious code Source: kam193...

6.1AI score
Exploits0References6
OSV
OSV
added 2026/06/06 6:13 a.m.10 views

MAL-2026-5324 Malicious code in pyphetools (PyPI)

The package pyphetools version 0.9.120 contains a malicious .pth file pyphetools-setup.pth that executes a Bun-based credential stealer on every Python startup via CPython's site.py exec mechanism. The payload downloads the Bun runtime from the official GitHub release page, then runs an obfuscate...

6.1AI score
Exploits0References7
OSV
OSV
added 2026/06/06 6:13 a.m.20 views

MAL-2026-5280 Malicious code in bramin (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1fb2ac40fcb4626c5e7dea5e26951bc0965b39a1eb721c1a8f23846f421a5827 bramin ships a bramin-setup.pth file that Python auto-executes at every interpreter startup system-wide, not only when bramin is imported. The.pth...

5.9AI score
Exploits0References6
OSV
OSV
added 2026/06/06 6:13 a.m.13 views

MAL-2026-5319 Malicious code in mem8 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5c765c6eef25d18c5a10057d62908ac3bc1ece86e39a9807683834fb7f896b52 The package was found to contain malicious code or consuming dependency that contains malicious code Source: kam193...

6.1AI score
Exploits0References5
OSV
OSV
added 2026/06/06 6:13 a.m.12 views

MAL-2026-5278 Malicious code in spateo-release (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 21400e8510d0663de6c3a4454fe99d9200cb83ae8d1ecdc137c99f3668da4293 Versions 1.1.2 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed using B...

5.5AI score
Exploits0References5
OSV
OSV
added 2026/06/06 6:13 a.m.14 views

MAL-2026-5281 Malicious code in executor-http (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cde4da7201fbc0dd3ae09240232f5767c2893e33977d6c8ee9071d15e79f0363 The package ships executorhttp-setup.pth, which Python auto-loads at interpreter start for any environment where the package is installed. The.pth fi...

5.7AI score
Exploits0References6
Packet Storm News
Packet Storm News
added 2026/04/22 12:0 a.m.20 views

An Analysis of Attack Vectors against FIDO2 Authentication

Phishing attacks remain one of the most prevalent threats to online security, with the Anti-Phishing Working Group reporting over 890,000 attacks in Q3 2025 alone. Traditional password-based authentication is particularly vulnerable to such attacks, prompting the development of more secure...

5.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/13 3:25 p.m.10 views

Malicious code in @spoonflower/ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e29845a092ba3a019d35adbb88e7fb15512c600cb11fceab06cb845fca75dbd2 The package @spoonflower/ui was found to contain malicious code. Source: ghsa-malware 68f97ac64dba33bf11aa1a9ae810a78f7fb21470e2ccce80e8975cc56d012a7...

5.7AI score
Exploits0References1
Snyk
Snyk
added 2026/03/19 11:0 p.m.7 views

Embedded Malicious Code

Overview @emilgroup/gdv-sdk-node is an A new version of the package Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised as the result of Trivy's GitHub Actions compromise and a malicious versions were released on NPM...

9.8CVSS5.8AI score
Exploits0References2
Wired Threat Level
Wired Threat Level
added 2026/03/18 2:0 p.m.9 views

Hundreds of Millions of iPhones Can Be Hacked With a New Tool Found in the Wild

A powerful iPhone-hacking technique known as DarkSword has been discovered in use by Russian hackers. It can take over devices running iOS 18 that simply visit infected websites...

5.7AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/16 12:0 a.m.10 views

Malicious code in vitest-globals (npm)

The package 'vitest-globals' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server npm.jpartifacts.co...

5.5AI score
Exploits0References3
HackRead
HackRead
added 2026/03/12 7:6 p.m.8 views

Feds Takes Down SocksEscort Proxy Network Used in Global Fraud Schemes

European and US agencies dismantled the SocksEscort proxy network built on infected routers and used by cybercriminals in global fraud schemes...

5.8AI score
Exploits0
Rows per page
Query Builder