18 matches found
Malicious code in nafeesashraf (npm)
Source: amazon-inspector b5f315f0294a2750acd2e3af3c6e7713a2baf23f98da0cb50ab7bfe4e76f3519 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in nana-kue11-miaww (npm)
Source: amazon-inspector 33215a645d6869119267c5f8139cce98b2a94065ba4fc0ba74be68781e4e45a7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
North Korean Hackers Combine BeaverTail and OtterCookie into Advanced JS Malware
The North Korean threat actor linked to the Contagious Interview campaign has been observed merging some of the functionality of two of its malware programs, indicating that the hacking group is actively refining its toolset. That's according to new findings from Cisco Talos, which said recent...
EUVD-2020-19129
Malware in sbrugna...
Malicious code in @juigorg/beatae-ab-aspernatur (npm)
The package @juigorg/beatae-ab-aspernatur was found to contain malicious code...
MAL-2025-41057 Malicious code in zooarchaeology-uglify-js-decoherence-bootes (npm)
The package zooarchaeology-uglify-js-decoherence-bootes was found to contain malicious code...
SideWinder APT Strikes Middle East and Africa With Stealthy Multi-Stage Attack
An advanced persistent threat (APT) actor with suspected ties to India has sprung forth with a flurry of attacks against high-profile entities and strategic infrastructures in the Middle East and Africa. The activity has been attributed to a group tracked as SideWinder, which is also known as...
New JavaScript Malware Targeted 50,000+ Users at Dozens of Banks Worldwide
A new piece of JavaScript malware has been observed attempting to steal users' online banking account credentials as part of a campaign that has targeted more than 40 financial institutions across the world. The activity cluster, which employs JavaScript web injections, is estimated to have led t...
New BLISTER Malware Update Fuelling Stealthy Network Infiltration
An updated version of a malware loader known as BLISTER is being used as part of SocGholish infection chains to distribute an open-source command-and-control (C2) framework called Mythic. "New BLISTER update includes keying feature that allows for precise targeting of victim networks and lowers...
Asylum Ambuscade: A Cybercrime Group with Espionage Ambitions
The threat actor known as Asylum Ambuscade has been observed straddling cybercrime and cyber espionage operations since at least early 2020. "It is a crimeware group that targets bank customers and cryptocurrency traders in various regions, including North America and Europe," ESET said in an...
Meet 'Jack' from Romania! Mastermind Behind Golden Chickens Malware
The identity of the second threat actor behind the Golden Chickens malware has been uncovered courtesy of a "fatal" operational security blunder, cybersecurity firm eSentire said. The individual in question, who lives in Bucharest, Romania, has been given the codename Jack. He is one of the two...
LofyLife: malicious npm packages steal Discord tokens and bank card data
On July 26, using the internal automated system for monitoring open-source repositories, we identified four suspicious packages in the Node Package Manager (npm) repository. All these packages contained highly obfuscated malicious Python and JavaScript code. We dubbed this malicious campaign...
This New Stealthy JavaScript Loader Infecting Computers with Malware
Threat actors have been found using a previously undocumented JavaScript malware strain that functions as a loader to distribute an array of remote access Trojans (RATs) and information stealers. HP Threat Research dubbed the new, evasive loader "RATDispenser," with the malware responsible for...
CVE-2020-26584
An issue was discovered in Sage DPW 202006x before 202006002. The search field "Kurs suchen" on the page Kurskatalog is vulnerable to Reflected XSS. If the attacker can lure a user into clicking a crafted link, he can execute arbitrary JavaScript code in the user's browser. The vulnerability can ...
Spoofing
An issue was discovered in Sage DPW 202006x before 202006002. It allows unauthenticated users to upload JavaScript in a file via the expenses claiming functionality. However, to view the file, authentication is required. By exploiting this vulnerability, an attacker can persistently include...
CVE-2020-26584
An issue was discovered in Sage DPW 202006x before 202006002. The search field "Kurs suchen" on the page Kurskatalog is vulnerable to Reflected XSS. If the attacker can lure a user into clicking a crafted link, he can execute arbitrary JavaScript code in the user's browser. The vulnerability can ...
CVE-2020-26583
Sage DPW 2020_06_x before 2020_06_002 is affected by CVE-2020-26583: unauthenticated users can upload JavaScript in the expenses claiming feature, but viewing requires authentication, enabling persistent HTML/JS injection into pages. Impact includes content alteration, redirection, and potential ...
Mysql.com hacked, serving BlackHole exploit malware
The MySQL.com website is currently hacked and compromised with JavaScript malware, and is serving malware to anyone visiting it. The mysql.com website is injected with a script that generates an iframe that redirects visitors to...