dbtr (>=0.3.0 <=0.3.6), dbtr-lt (=0.3.5) +1 more potentially affected by unknown CVE via elementary-data (>=0.15.1 <=0.23.4)

elementary-data PYPI version =0.15.1, =0.3.0, =0.1.2, =0.1.4 Source cves: unknown CVE Source advisory: SNYK:PYTHON-ELEMENTARYDATA-16316110...

Bad Apples: Weaponizing native macOS primitives for movement and execution

As macOS adoption grows among developers and DevOps, it has become a high value target; however, native "living-off-the-land" LOTL techniques for the platform remain significantly under-documented compared to Windows. Adversaries can bypass security controls by repurposing native features like...

APT28 Uses BEARDSHELL and COVENANT Malware to Spy on Ukrainian Military

The Russian state-sponsored hacking group tracked as APT28 has been observed using a pair of implants dubbed BEARDSHELL and COVENANT to facilitate long‑term surveillance of Ukrainian military personnel. The two malware families have been put to use since April 2024, ESET said in a new report shar...

Security Bulletin: MANTA Automated Data Lineage for IBM Cloud Pak for Data is vulnerable to Critical Security Vulnerability in React Server Components CVE-2025-55182

Summary MANTA Automated Data Lineage for IBM Cloud Pak for Data is affected by React Server Components CVE-2025-55182. Vulnerability Details CVEID:CVE-2025-55182 DESCRIPTION: A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1...

Friday Squid Blogging: Vampire Squid Genome

The vampire squid Vampyroteuthis infernalis has the largest cephalopod genome ever sequenced: more than 11 billion base pairs. That's more than twice as large as the biggest squid genomes. It's technically not a squid: "The vampire squid is a fascinating twig tenaciously hanging onto the cephalop...

EUVD-2021-0015

Malware in sbrugna...

EUVD-2023-26591

Malicious code in bioql PyPI...

EUVD-2021-32218

Malicious code in bioql PyPI...

Security Bulletin: Multiple Vulnerabilities in Java affecting IBM Knowledge Catalog and IBM Match 360 On Cloud Pak for Data

Summary Lineage, an internal component of IBM Knowledge Catalog, and the IBM Match 360 component within IBM Cloud Pak for Data are impacted by vulnerabilities in Java. These vulnerabilities have now addressed. Vulnerability Details CVEID:CVE-2025-50059 DESCRIPTION: Vulnerability in the Oracle Jav...

HOOK Android Trojan Adds Ransomware Overlays, Expands to 107 Remote Commands

Cybersecurity researchers have discovered a new variant of an Android banking trojan called HOOK that features ransomware-style overlay screens to display extortion messages. "A prominent characteristic of the latest variant is its capacity to deploy a full-screen ransomware overlay, which aims t...

Malicious code in a-vailable-al-bum-file-celestial-lineage-vy1yv-mrqeyp (npm)

The package a-vailable-al-bum-file-celestial-lineage-vy1yv-mrqeyp was found to contain malicious code...

MAL-2025-13928 Malicious code in a-vailable-al-bum-file-celestial-lineage-vy1yv-mrqeyp (npm)

The package a-vailable-al-bum-file-celestial-lineage-vy1yv-mrqeyp was found to contain malicious code...

CVE-2023-22428

Improper privilege validation in Command Centre Server allows authenticated operators to modify Division lineage. This issue affects Command Centre: vEL8.80 prior to vEL8.80.1192 MR2, vEL8.70 prior to vEL8.70.2185 MR4, vEL8.60 prior to vEL8.60.2347 MR6, vEL8.50 prior to vEL8.50.2831MR8, vEL8.40 a...

CVE-2021-45447

Hitachi Vantara Pentaho Business Analytics Server versions before 9.3.0.0, 9.2.0.2 and 8.3.0.25 with the Data Lineage feature enabled transmits database passwords in clear text. The transmission of sensitive data in clear text allows unauthorized actors with access to the network to sniff and...

Security Bulletin: MANTA Automated Data Lineage is vulnerable to an authorization check bypass

Summary Next.js is used by MANTA Automated Data Lineage as part of the UI. CVE-2025-29927. Vulnerability Details CVEID:CVE-2025-29927 DESCRIPTION: Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and...

Security Bulletin: Multiple Vulnerabilities in Java affecting IBM Knowledge Catalog On Cloud Pak for Data

Summary Lineage component is an internal component of IBM Knowledge Catalog On Cloud Pak for Data. Vulnerabilities in Java are affecting Lineage component of IBM Cloud Pak for Data. These vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2024-21145 DESCRIPTION: An unspecified...

MAL-2024-12279 Malicious code in google-cloud-datacatalog-lineage-producer-client (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 73ea760146181d2911e0823c121502506892b2e63d3fc20d6281fb2c86e03de8 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

dagster-dbt (>=0.20.5 <=0.21.6), dbt-dremio (=1.7.0) +9 more potentially affected by CVE-2024-40637 via dbt-core (>=1.7.0 <=1.7.13)

dbt-core PYPI version =1.7.0, =0.20.5, =1.7.0, =0.0.2, =1.7.0, =0.0.4, =0.203.0.dev5, =0.0.1rc8, =0.4.2, =0.8.0 Source cves: CVE-2024-40637 Source advisory: SNYK:PYTHON-DBTCORE-7430282...

MAL-2024-1667 Malicious code in @wdp-gov/lineage-component (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b30855ea8cc386194da24bd8f34fefc9372384eef6482801222bd4b23fa7a172 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @ks-radar/radar-blood-lineage-collect (npm)

--- -= Per source details. Do not edit below this line.=-...