1358 matches found
Finding Software Supply Chain Attack Paths with Logical Attack Graphs
Cyberattacks are becoming increasingly frequent and sophisticated, often exploiting the software supply chain SSC as an attack vector. Attack graphs provide a detailed representation of the sequence of events and vulnerabilities that could lead to a successful security breach in a system. MulVal ...
CISA and Partners Release Advisory Update on Akira Ransomware
Today, Cybersecurity and Infrastructure Security Agency CISA, in collaboration with the Federal Bureau of Investigation, Department of Defense Cyber Crime Center, Department of Health and Human Services, and international partners, released an updated joint Cybersecurity Advisory, StopRansomware:...
Unleashing the Kraken ransomware group
In August 2025, Cisco Talos observed big-game hunting and double extortion attacks carried out by Kraken, a Russian-speaking group that has emerged from the remnants of the HelloKitty ransomware cartel. Talos observed in one intrusion that the Kraken actor exploited Server Message Block SMB...
Siemens SIMATIC S7-1500 Observable Discrepancy (CVE-2020-14145)
The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts where no host key for the server has been cached by the client. NOTE: some reports...
Gladinet Triofox Improper Access Control Vulnerability
Gladinet Triofox contains an improper access control vulnerability that allows access to initial setup pages even after setup is complete...
Security update for the Linux Kernel
This update provides the initial livepatch for this kernel update. This update does not contain any fixes and will be updated with livepatches later. Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE update use the SUSE...
Security update for the Linux Kernel
This update provides the initial livepatch for this kernel update. This update does not contain any fixes and will be updated with livepatches later. Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE update use the SUSE...
EUVD-2025-79020
Malicious code in initialmackerelz3n npm...
MAL-2025-104201 Malicious code in initial_mackerel_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 981fc7a4a0a673cc6bb1a226077b9d702f5c4784d6cf26d08088834568dd9d6e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-68893 Malicious code in initial-beige-leech (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 58044d381c1d0493d05ed67b8f291bd04bd3373df00463459d6a6678e1802a8b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-68894 Malicious code in initial-indigo-dingo (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 902c8c8f4be2199ec74693de9f9bdc8f79db3770eb30194728df45934ea0bc79 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-53753
Malicious code in initial-red-mandrill npm...
EUVD-2025-53751
Malicious code in initial-yellow-impala npm...
MAL-2025-68895 Malicious code in initial-purple-toad (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1c5b9d9f5f99e721c6dd6a4832f73f6d6d4a0d8231fbd1dc72f2028d48112ad3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-53755
Malicious code in initial-indigo-dingo npm...
EUVD-2025-53756
Malicious code in initial-beige-leech npm...
EUVD-2025-53752
Malicious code in initial-tomato-cardinal npm...
EUVD-2025-53754
Malicious code in initial-purple-toad npm...
Malicious code in initial-red-mandrill (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 55e3c92896e161e5a58d2608703518b87af1d886e2a43d57ca1236b9ad114244 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in initial-yellow-impala (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ffecbd5eaa570a450f38f5a39399b8722e79d7e63e97095dbfed9adf168eeada This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...