Malicious code in sysbu (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c7d7e10321db9abd5e77b0f656d5fac237968ecd79c0ce409b58ee555fb5b236 Despite advertising itself as a 'System binary configuration tool', sysbu's index.js unconditionally invokes startApp on require/CLI execution. If...

MAL-2026-5616 Malicious code in sysbu (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c7d7e10321db9abd5e77b0f656d5fac237968ecd79c0ce409b58ee555fb5b236 Despite advertising itself as a 'System binary configuration tool', sysbu's index.js unconditionally invokes startApp on require/CLI execution. If...

RadKey: An LLM-Guided RF Backscatter System for Through-Wall Keystroke Inference

In today's digitally connected world, keyboards remain the primary interface for inputting sensitive information, making them a persistent target for eavesdropping attacks. While prior keystroke inference techniques have exploited side-channel signals such as acoustics and vibrations, they...

Exploit for Improper Authentication in Google Android

DEDSECBKIF DEDSECBKIF is a keystroke injection tool for Androi...

Malicious code in forge-jsxy (npm)

forge-jsxy is a malicious npm package part of the same campaign as forge-jsx. It typosquats the name by appending a 'y' and carries an identical fake description 'Node.js integration layer for Autodesk Forge' to impersonate a legitimate Autodesk Forge SDK. The package is a fully-formed RAT deploy...

MAL-2026-3609 Malicious code in forge-jsxy (npm)

forge-jsxy is a malicious npm package part of the same campaign as forge-jsx. It typosquats the name by appending a 'y' and carries an identical fake description 'Node.js integration layer for Autodesk Forge' to impersonate a legitimate Autodesk Forge SDK. The package is a fully-formed RAT deploy...

Juniper Junos OS Multiple Vulnerabilities (JSA92873)

The version of Junos OS installed on the remote host is affected by multiple vulnerabilities as referenced in the JSA92873 advisory. - A race condition in sshd affecting versions between 8.5p1 and 9.7p1 inclusive may allow arbitrary code execution with root privileges. Successful exploitation has...

QUACK! Making the (Rubber) Ducky Talk: A Systematic Study of Keystroke Dynamics for HID Injection Detection

Modern computing systems inherently trust human input devices, creating an exploitable attack surface for adversarial automation. USB Human Interface Device HID emulation attacks, such as those enabled by the USB Rubber Ducky, exploit this assumption to inject arbitrary keystroke sequences while...

Malicious code in forge-jsx (npm)

forge-jsx is a malicious npm package that impersonates an Autodesk Forge SDK. It was published as a fully-formed RAT from its first version on April 7, 2026. Installing the package on any non-CI machine deploys a persistent background agent that captures all keystrokes, monitors clipboard content...

Mirax Android RAT Turns Devices into SOCKS5 Proxies, Reaching 220,000 via Meta Ads

A nascent Android remote access trojan called Mirax has been observed actively targeting Spanish-speaking countries, with campaigns reaching more than 220,000 accounts on Facebook, Instagram, Messenger, and Threads through advertisements on Meta. "Mirax integrates advanced Remote Access Trojan RA...

Malicious code in nwin64tls (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 72555231efbf126e61cb3aa59d3482bc7967af46898e46eb2b9b7f81af8cd40e Importing the module starts a loop that listens to key strokes and on every capslock press exfiltrates screenshot to a hardcoded location. --- Category:...

MAL-2026-2432 Malicious code in nwin64tls (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 72555231efbf126e61cb3aa59d3482bc7967af46898e46eb2b9b7f81af8cd40e Importing the module starts a loop that listens to key strokes and on every capslock press exfiltrates screenshot to a hardcoded location. --- Category:...

MAL-2026-2431 Malicious code in nwin32tls (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a47778618cad57dbc584afdff7ed138032b69c423a9812e1bc8f86c13129f01d Importing the module starts a loop that listens to key strokes and on every capslock press exfiltrates screenshot to a hardcoded location. --- Category:...

CVE-2026-35093

A flaw was found in libinput. A local attacker who can place a specially crafted Lua bytecode file in certain system or user configuration directories can bypass security restrictions. This allows the attacker to run unauthorized code with the same permissions as the program using libinput, such ...

Inside a fake Google security check that becomes a browser RAT

A website styled to resemble a Google Account security page is distributing what may be one of the most fully featured browser-based surveillance toolkits we have observed in the wild. Disguised as a routine security checkup, it walks victims through a four-step flow that grants the attacker push...

CVE-2026-20601

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.3. An app may be able to monitor keystrokes without user permission...

CVE-2026-20601

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.3. An app may be able to monitor keystrokes without user permission...

CVE-2026-20601

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.3. An app may be able to monitor keystrokes without user permission...

CVE-2026-20601

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.3. An app may be able to monitor keystrokes without user permission...

CVE-2026-20601

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.3. An app may be able to monitor keystrokes without user permission...