MAL-2025-188496 Malicious code in package-zenobia-elektra-geodynamo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 15b0b6d51fb6f3b2c4e9271da9ef0418e408f6a5005898849822bfbf56f5b85f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-185263 Malicious code in tunis-kit-bogavotaawfi (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b66868234ffc22c54dd48fd0efb37230334117a47d667d8825115ddfe72f840d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in sabua-muhufafyu-tadamai (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d5eb5b9856a6152b96896581ed7e75b4b8f2b068b5fbd8ed6567b7a4096a32e5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-41906 Malicious code in @espace-client-axafr/standard-card (npm)

The package communicates with a domain associated with malicious activity...

Malicious code in dessandro-classie (npm)

The package communicates with a domain associated with malicious activity...

UBUNTU-CVE-2024-56375

An integer underflow was discovered in Fort 1.6.3 and 1.6.4 before 1.6.5. A malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP a Manifest RPKI object containing an empty fileList. Fort dereferences and, shortly afterwards, writes to this array during a...

Talkin’ SMAC: Alert Labeling and Why It Matters

If you’ve ever worked in a Security Operations Center SOC, you know that it’s a special place. Among other things, the SOC is a massive data-labeling machine, and generates some of the most valuable data in the cybersecurity industry. Unfortunately, much of this valuable data is often rendered...

Forging a Relationship With Tyler Barriss, the Internet’s Most Hated Swatter

Journalist Brendan Koerner strikes up a jail-cell correspondence with a man charged with instigating a fatal shooting. “Only by peering into the abyss of human malice can we divine how we can muster the strength to forgive the truly lost," he writes...

Free Open Source Self Hosted VirusTotal: Malice

Free Open Source Self Hosted VirusTotal Malice’s mission is to be a free open source version of VirusTotal that anyone can use at any scale from an independent researcher to a fortune 500 company.’ Ubuntu Install: Install Go $ sudo add-apt-repository ppa:ubuntu-lxc/lxd-stable $ sudo apt-get updat...

Robert Hansen on DNS Rebinding Attacks and Browser Security

Dennis Fisher talks with security researcher Robert “Rsnake” Hansen about his recent work on DNS rebinding attacks, the poor state of browser security and his new book “Detecting Malice.” Podcast audio courtesy of sykboy65 Subscribe to the Digital Underground podcast on...