Lucene search
+L

1498 matches found

Securelist
Securelist
added 3 days ago18 views

HelloNet campaign — new malicious modules launched through the ViPNet update system

UPD 16.07.2026: Added rules to protect companies using our SIEM system Kaspersky SIEM, and listed events for developing custom detection rules or conducting Threat hunting. UPD 16.07.2026: Added detection of the malicious activity using Kaspersky Managed Detection and Response. UPD 16.07.2026:...

6.5AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago9 views

Malicious code in nottuff16 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 570cc848bb0e31176fc13945f1cfbd39b64a671de7e2d1913b6951513c0b21b8 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSV
OSV
added 2026/07/07 3:6 p.m.12 views

MAL-2026-6925 Malicious code in typescript-base58 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b860a9c4960f55c236ca5e14781f5dcfb60752d4367cb9aeb30762d3b023004e [email protected] is a one-line re-export of the 'base58-core' package. The README advertises 'Zero dependencies' while package.json declares a...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/05 12:53 a.m.16 views

Malicious code in autotel-eventcatalog (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 21a008fc4c3a9bff3d0c920364ff6e56ab62ff607408a040e7e959ad3cb461d9 No concrete installer-harm evidence was identified for this package version. No lifecycle-script droppers, credential reads, hardcoded exfiltration...

6AI score
Exploits0References8
OSV
OSV
added 2026/06/05 12:53 a.m.13 views

MAL-2026-5218 Malicious code in autotel-devtools (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e1bce8c001a8e85b493ccdd8af1e3e57f3578d1026e6d5d147374b0a68467313 autotel-devtools ships bundled CommonJS and ESM artifacts dist/cli.cjs, dist/cli.js, dist/index.cjs, dist/index.js, dist/server/index.cjs,...

6.2AI score
Exploits0References11
OSV
OSV
added 2026/06/05 12:53 a.m.9 views

MAL-2026-5264 Malicious code in node-env-resolver-dotenvx (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1935de81fae9e35f6c7373f982092558f30d269b205a6edf0d847fb86d0bf3b5 The package was found to contain malicious code or consuming dependency that contains malicious code Source: google-open-source-security...

6.2AI score
Exploits0References4
Snyk
Snyk
added 2026/06/02 9:0 p.m.8 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that hides inside binary executable files triggered by a postinstall script. IronWorm is a sophisticated, Rust-based infostealer that functions as a self-replicating supply-chain attack. Its primary characteristi...

9.8CVSS5.8AI score
Exploits0References2
The Hacker News
The Hacker News
added 2026/06/01 11:54 a.m.44 views

China-Aligned Groups Ramp Up Attacks: Dragon Weave Hits Czech Republic & Taiwan

A new cyber espionage campaign codenamed Operation Dragon Weave has been observed targeting officials and citizens in the Czech Republic and Taiwan to deliver an AdaptixC2 agent. According to Seqrite Labs, targets of the campaign include government, research, academic, technology, and financial...

6.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/05/26 1:7 p.m.23 views

Fake software on GitHub and SourceForge distribute Deno RAT

During our threat hunting activities, we found fake installers and plugins impersonating popular software including ChatGPT, Claude, AutoTune, and Kontakt on GitHub and SourceForge distributing a Deno backdoor known as DinDoor. Attackers are using compromised YouTube channels to distribute links ...

6AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2026/05/20 10:4 p.m.9 views

How a Webmail Log File Became a Root-Level Backdoor

THREAT ANALYSIS May 2026 · Forensic Case Study A forensic breakdown of how an attacker turned CyberPanel's SnappyMail logging into a persistent webshell that survived every WordPress cleanup attempt. A WordPress site owner reported redirect malware on their site. They found that clicking anywhere...

6.2AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/19 12:0 a.m.25 views

Malicious code in @antv/g6-wx (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

5.8AI score
Exploits0References4
OSV
OSV
added 2026/05/19 12:0 a.m.15 views

MAL-2026-3995 Malicious code in @antv/g6-react-node (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

5.8AI score
Exploits0References5
Snyk
Snyk
added 2026/05/18 9:0 p.m.7 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...

9.8CVSS5.9AI score
Exploits0References3
Snyk
Snyk
added 2026/05/18 9:0 p.m.8 views

Embedded Malicious Code

Overview durabletask is an A Durable Task Client SDK for Python Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a malicious payload. A malicious actor linked to the @antv appears to have compromised the GitHub account associated with the package and dumpe...

9.8CVSS5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/13 8:9 p.m.10 views

Malicious code in async-http-tools (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 85e8a68bad6595a817f1dabed757662e2a04cfec7b45a86d9bfd61a7a78d14d1 During installation, package exfiltrates some basic info to a GitHub issue comment, and then attempt to set up a persistent infostealer focused on exfiltrating...

6AI score
Exploits0References1
Malwarebytes
Malwarebytes
added 2026/04/30 3:48 p.m.12 views

Hackers stole hundreds of thousands of Roblox accounts: Here’s what to do

More than 610,000 Roblox accounts were reportedly stolen. Was yours or your child's among them? Ukrainian police arrested three individuals in Lviv who allegedly orchestrated one of the largest Roblox account theft operations to date. Between October 2025 and January 2026, the hacking group is sa...

5.6AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/14 12:7 a.m.4 views

Malicious code in getcardslib (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 88c984b34b3bacb405ca57d999a20be2a2c4c1b3ad75fa7e60f8d6e814b30ab5 The package getcardslib was found to contain malicious code. Source: ghsa-malware ce7e3143ce06f31e15162fef48924c625caddc3e6cc75c9640b053c38ad2665c An...

5.7AI score
Exploits0References1
Malwarebytes
Malwarebytes
added 2026/03/26 5:39 p.m.8 views

Infiniti Stealer: a new macOS infostealer using ClickFix and Python/Nuitka

A previously undocumented macOS infostealer has surfaced during our routine threat hunting. We initially tracked it as NukeChain , but shortly before publication, the malware’s operator panel became publicly visible, revealing its real name: Infiniti Stealer. This malware is designed to steal...

6AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/03/20 11:38 a.m.9 views

That “job brief” on Google Forms could infect your device

We've identified a campaign using business-related lures, such as job interviews, project briefs, and financial document, to distribute malware, including the PureHVNC Remote Access Trojan RAT. It's not the malware that's new, but how the attack starts. Instead of the usual phishing email or fake...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/19 7:16 p.m.9 views

Speagle Malware Hijacks Cobra DocGuard to Steal Data via Compromised Servers

Cybersecurity researchers have flagged a new malware dubbed Speagle that hijacks the functionality and infrastructure of a legitimate program called Cobra DocGuard. "Speagle is designed to surreptitiously harvest sensitive information from infected computers and transmit it to a Cobra DocGuard...

5.8AI score
Exploits0
Rows per page
Query Builder