Malicious code in @zizie071/libsignal-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3e6d5096096e7e958916c5449a7480949135e6af5cd9acd4e1b1edab8c331163 On require, index.js schedules install.js which locates the installer's @whiskeysockets/baileys package on disk and overwrites lib/Socket/newsletter....

Malicious code in vida-bubur98-breki (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3fb38cc147aa1e34b2d3f48b8e52d0b7cc01ff7502310d2b26d04b2987aee6d0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in yanti-naget70-sukiwir (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7ef59049e995d677236cffa7f3a4f4d53463d4ff1b3b1da6a26ae72fb514016e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

PT-2024-8959

Name of the Vulnerable Software and Affected Versions Mitsubishi Electric FA Connector SCADA-system GENESIS64 versions 10.97.2 through 10.97.3 ICONICS GENESIS64 versions 10.97.2 through 10.97.3 Description The issue is related to the presence of dead code in the GENESIS64 system, which can be...

jenkins: Agent-to-controller access control allowed writing to sensitive directory used by Pipeline: Shared Groovy Libraries Plugin

An incorrect permissions validation vulnerability was found in Jenkins. An agent process read/write access to the libs/ directory inside build directories when using the FilePath APIs is not limited. This allows attackers in control of agent processes to replace the code of a trusted library with...