Exploit for Improper Authentication in Google Android

DEDSECBKIF DEDSECBKIF is a keystroke injection tool for Androi...

Malicious code in forge-jsxy (npm)

forge-jsxy is a malicious npm package part of the same campaign as forge-jsx. It typosquats the name by appending a 'y' and carries an identical fake description 'Node.js integration layer for Autodesk Forge' to impersonate a legitimate Autodesk Forge SDK. The package is a fully-formed RAT deploy...

MAL-2026-3609 Malicious code in forge-jsxy (npm)

forge-jsxy is a malicious npm package part of the same campaign as forge-jsx. It typosquats the name by appending a 'y' and carries an identical fake description 'Node.js integration layer for Autodesk Forge' to impersonate a legitimate Autodesk Forge SDK. The package is a fully-formed RAT deploy...

Juniper Junos OS Multiple Vulnerabilities (JSA92873)

The version of Junos OS installed on the remote host is affected by multiple vulnerabilities as referenced in the JSA92873 advisory. - A race condition in sshd affecting versions between 8.5p1 and 9.7p1 inclusive may allow arbitrary code execution with root privileges. Successful exploitation has...

QUACK! Making the (Rubber) Ducky Talk: A Systematic Study of Keystroke Dynamics for HID Injection Detection

Modern computing systems inherently trust human input devices, creating an exploitable attack surface for adversarial automation. USB Human Interface Device HID emulation attacks, such as those enabled by the USB Rubber Ducky, exploit this assumption to inject arbitrary keystroke sequences while...

Malicious code in forge-jsx (npm)

forge-jsx is a malicious npm package that impersonates an Autodesk Forge SDK. It was published as a fully-formed RAT from its first version on April 7, 2026. Installing the package on any non-CI machine deploys a persistent background agent that captures all keystrokes, monitors clipboard content...

Mirax Android RAT Turns Devices into SOCKS5 Proxies, Reaching 220,000 via Meta Ads

A nascent Android remote access trojan called Mirax has been observed actively targeting Spanish-speaking countries, with campaigns reaching more than 220,000 accounts on Facebook, Instagram, Messenger, and Threads through advertisements on Meta. "Mirax integrates advanced Remote Access Trojan RA...

Malicious code in nwin64tls (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 72555231efbf126e61cb3aa59d3482bc7967af46898e46eb2b9b7f81af8cd40e Importing the module starts a loop that listens to key strokes and on every capslock press exfiltrates screenshot to a hardcoded location. --- Category:...

MAL-2026-2432 Malicious code in nwin64tls (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 72555231efbf126e61cb3aa59d3482bc7967af46898e46eb2b9b7f81af8cd40e Importing the module starts a loop that listens to key strokes and on every capslock press exfiltrates screenshot to a hardcoded location. --- Category:...

MAL-2026-2431 Malicious code in nwin32tls (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a47778618cad57dbc584afdff7ed138032b69c423a9812e1bc8f86c13129f01d Importing the module starts a loop that listens to key strokes and on every capslock press exfiltrates screenshot to a hardcoded location. --- Category:...

CVE-2026-35093

A flaw was found in libinput. A local attacker who can place a specially crafted Lua bytecode file in certain system or user configuration directories can bypass security restrictions. This allows the attacker to run unauthorized code with the same permissions as the program using libinput, such ...

Inside a fake Google security check that becomes a browser RAT

A website styled to resemble a Google Account security page is distributing what may be one of the most fully featured browser-based surveillance toolkits we have observed in the wild. Disguised as a routine security checkup, it walks victims through a four-step flow that grants the attacker push...

CVE-2026-20601

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.3. An app may be able to monitor keystrokes without user permission...

CVE-2026-20601

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.3. An app may be able to monitor keystrokes without user permission...

CVE-2026-20601

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.3. An app may be able to monitor keystrokes without user permission...

CVE-2026-20601

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.3. An app may be able to monitor keystrokes without user permission...

CVE-2026-20601

CVE-2026-20601 affects macOS Tahoe before the 26.3 release. The issue is a permissions flaw that could allow an app to monitor keystrokes without user consent. Apple fixed it in Tahoe 26.3 by applying additional restrictions. Across connected sources, the vulnerability is tied to a local attack v...

CVE-2026-20601

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.3. An app may be able to monitor keystrokes without user permission...

CVE-2026-20601

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.3. An app may be able to monitor keystrokes without user permission...

Apple macOS Tahoe 安全漏洞

Apple macOS Tahoe is an operating system developed by the American company Apple. Versions of Apple macOS Tahoe prior to version 26.3 contained a security vulnerability. This vulnerability was due to permission issues, and it could allow applications to monitor keystrokes without user consent...