338 matches found
EUVD-2022-40847
Malicious code in bioql PyPI...
EUVD-2022-41154
Malicious code in bioql PyPI...
pasta
The repository is a collection of code snippets and notes for learning PHP, specifically for those studying the language. The code snippets cover a range of topics, including forms, good coding practices, interview tasks, and database-related concepts. The repository is organized into several...
offensiveinterview
It is an offensive tool for penetration testing and red teaming. The repository contains a collection of interview questions to screen offensive red team/pentest candidates, categorized into open-ended, knowledge-based, and scenario-based questions. The questions cover various topics such as...
Malicious code in frontend-eng-interview (npm)
The package frontend-eng-interview was found to contain malicious code. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f09fffefe345d37955487a3e97f7811a5efdbd3449f11fbaac021e1d542b3793 Any computer that has this package installed or running should be considered full...
MAL-2025-47060 Malicious code in frontend-eng-interview (npm)
The package frontend-eng-interview was found to contain malicious code. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f09fffefe345d37955487a3e97f7811a5efdbd3449f11fbaac021e1d542b3793 Any computer that has this package installed or running should be considered full...
Cindy Cohn Is Leaving the EFF, but Not the Fight for Digital Rights
After 25 years at the Electronic Frontier Foundation, Cindy Cohn is stepping down as executive director. In a WIRED interview, she reflects on encryption, AI, and why she’s not ready to quit the battle...
This Week in Spring - September 9th, 2025
Hi, Spring fans! Welcome to another installment of This Week in Spring! I am home, ensconced in my studio here in somewhat sunny San Francisco, California, relaxing and trying to catch up on stuff I missed. As always, there's a ton! So let's dive right into it. Some of the amazing features that...
Establishing a Baseline of Software Supply Chain Security Task Adoption by Software Organizations
Software supply chain attacks have increased exponentially since 2020. The primary attack vectors for supply chain attacks are through: 1 software components; 2 the build infrastructure; and 3 humans a.k.a software practitioners. Software supply chain risk management frameworks provide a list of...
Netflix scammers target jobseekers to trick them into handing over their Facebook logins
In what seems a phishing attack targeted at a certain audience, scammers are impersonating Netflix and reaching out to marketing staff. The initial mail looks like what you might expect from a headhunter or a human resources HR recruitment specialist. "I hope this note finds you well," the email...
Securing Tomorrow: An Interview with Trend Micro VP of Product Management Michael Habibi
Proactive security in a rapidly evolving threat landscape...
North Korean Hackers Flood npm Registry with XORIndex Malware in Ongoing Attack Campaign
The North Korean threat actors linked to the Contagious Interview campaign have been observed publishing another set of 67 malicious packages to the npm registry, underscoring ongoing attempts to poison the open-source ecosystem via software supply chain attacks. The packages, per Socket, have...
A Bootiful Podcast: DevOps and AI luminary Patrick Debois
Hi, Spring, cloud native, and AI fans! In this installment, I had the opportunity to briefly sit down and talk with DevOps and AI luminary Patrick Debois, from the amazing Devoxx UK 2025 show...
Malicious code in interview-coder-v1 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7544d4b6f6bedbc4b2c443dea83d3edf5047cfe7335e138c3060870e7921374d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2023-3449
A vulnerability has been found in IBOS OA 4.5.5 and classified as critical. This vulnerability affects the function actionExport of the file ?r=recruit/interview/export=x of the component Interview Management Export. The manipulation of the argument interviews leads to sql injection. The exploit...
CVE-2022-2679
A vulnerability was found in SourceCodester Interview Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /viewReport.php. The manipulation of the argument id with the input UPDATEXML9729,CONCAT0x2e,0x716b707071,SELECT...
CVE-2022-38576
Interview Management System v1.0 was discovered to contain a SQL injection vulnerability via the component /interview/delete.php?action=deletecand=...
CVE-2022-2685
A vulnerability was found in SourceCodester Interview Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /addQuestion.php. The manipulation of the argument question with the input leads to cross site scripting. The attack may be initiated...
CVE-2025-48137
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in proxymis Interview interview allows SQL Injection.This issue affects Interview: from n/a through = 1.01...
CVE-2025-48137
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in proxymis Interview allows SQL Injection. This issue affects Interview: from n/a through 1.01...