78 matches found
MAL-2026-5484 Malicious code in mcp-server-sequential-thinking (npm)
Source: amazon-inspector 211672c16839ae6cd4e9f10810163da536480f07938b2d51c50ecbbb9f5e90ed Unscoped package impersonating the official @modelcontextprotocol/server-sequential-thinking MCP server. package.json declares postinstall: 'node...
Malicious code in getd-handler-api (npm)
Source: amazon-inspector 83398d27bb84d47296f796b4b2e6e9b5a0efc474add2e57592455e7d5d54eab5 On npm install, postinstall.js collects the installer's hostname, username, platform, current working directory, and CI-related environment variables...
MAL-2026-4487 Malicious code in audit-logsss (npm)
Source: amazon-inspector 9f1d266fef23fc79d6af52affefa68c2220baad023d09a7acc4d439a23dfdb69 The package's postinstall script executes shell reconnaissance id || ver && whoami && hostname, fetches the installer's public IP from api.ipify.org,...
MAL-2026-4490 Malicious code in auth0-templates-scripts-utils (npm)
Source: amazon-inspector ed9a505fcbf6daef28b6625dcbde65ea1dd00b01c1a684debfdedfc7e5bc3643 Package name impersonates the Auth0 ecosystem. Its postinstall hook node index.js runs unconditionally on npm install and performs a multi-stage data...
MAL-2026-3757 Malicious code in claw-subagent-service (npm)
Source: amazon-inspector 36657c2be433b784c573082d364304325acccf033f70df17dbfe104b0173ccbe claw-subagent-service installs itself as a privileged auto-starting system service Windows service via post-install.js svc.install, with documented...
PentestEval: Benchmarking LLM-Based Penetration Testing with Modular and Stage-Level Design
Penetration testing is essential for assessing and strengthening system security against real-world threats, yet traditional workflows remain highly manual, expertise-intensive, and difficult to scale. Although recent advances in Large Language Models (LLMs) offer promising opportunities for...
EUVD-2020-28006
Malware in sbrugna...
EUVD-2021-19678
Malware in sbrugna...
EUVD-2023-46241
Malicious code in bioql PyPI...
EUVD-2023-46237
Malicious code in bioql PyPI...
EUVD-2023-54103
Malicious code in bioql PyPI...
IBM Analytics Content Hub security vulnerability
IBM Analytics Content Hub is a clean streaming experience from International Business Machines (IBM) that visualizes relevant analytics by extracting content from IBM and other analytics providers. A security vulnerability exists in IBM Analytics Content Hub versions 2.0, 2.1, 2.2, and 2.3, which...
CVE-2025-48927
| creationtimestamp | type | source |
|---|---|---|
| 2025-05-28 18:14:10+00:00 | seen | https://infosec.exchange/users/cR0w/statuses/114586815688198231 |
| 2025-05-28 19:40:21+00:00 | seen | https://bsky.app/profile/cyberalerts.bsky.social/post/3lqaxgz2uub2z |
| 2025-07-01 05:10:43+00:00 | exploited | ... |
CVE-2023-48680
Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Cyber Protect 16 (macOS, Windows) before build 37391...
CVE-2023-44213
Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 35739, Acronis Cyber Protect 16 (Windows) before build 37391...
CVE-2023-41745
Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 30991, Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 35979...
Google to pay $1.38 billion over privacy violations
The state of Texas reached a mammoth financial agreement with Google last week, securing $1.375 billion in payments to settle two three-year-old lawsuits. The Office of Texas Attorney General Ken Paxton originally filed the first lawsuit against Google in January 2022, complaining that the tech...
Exploit for Deserialization of Untrusted Data in Spip
SPIP CVE-2023-27372 Unauthenticated RCE Exploit Web Shell Upl...
Malvertising campaign leads to info stealers hosted on GitHub
In early December 2024, Microsoft Threat Intelligence detected a large-scale malvertising campaign that impacted nearly one million devices globally in an opportunistic attack to steal information. The attack originated from illegal streaming websites embedded with malvertising redirectors, leadi...
CVE-2025-25247
| creationtimestamp | type | source |
|---|---|---|
| 2025-02-10 06:47:44+00:00 | seen | https://bsky.app/profile/infosec.skyfleet.blue/post/3lhskexvqmu2y |
| 2025-02-10 11:24:34+00:00 | seen | https://infosec.exchange/users/cve/statuses/113979337853157909 |
| 2025-02-10 12:16:18+00:00 | seen | ... |