
55 matches found

OSSF Malicious Packages
added 2026/03/23 1:56 p.m., views: 2

Malicious code in financial-crimes-general-utils (PyPI)

Source: kam193 (21f201c2aada618cb80f926b029f6b83b3f3bd9ffd0b35d5a4bb0c3aa1afd792). In specific environments, during installation, the package attempts to exfiltrate some basic information using DNS requests and then cover tracks by installing...

AI score: 5.9
Exploits: 0, References: 5
OSV
added 2026/02/03 9:15 a.m., views: 1

MAL-2026-696 Malicious code in pathfiles (PyPI)

Source: kam193 (a96d53709493a07432f8619b9ca322fef0fb4bf9080a02da7e8f6bc03353b3c0). Disguised as file system manipulation library, the package hides an obfuscated code to communicate with a Telegram channel. Though the usage is not known at th...

AI score: 5.4
Exploits: 0, References: 1
OSSF Malicious Packages
added 2025/11/11 7:38 a.m., views: 1

Malicious code in imaginative_elk_maroon-63 (npm)

Source: amazon-inspector (d9753caebcf493d2601461ff4d592659d7d94e2985362d472cfe7d301a1293f3). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score: 6.9
Exploits: 0
OSSF Malicious Packages
added 2025/11/11 4:25 a.m., views: 2

Malicious code in bayu-keraktelor14-riris (npm)

Source: amazon-inspector (53d5856e9f1c98b001cf095277a2576671f4472ad6e1ca1455ddfd8fab89fbfc). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score: 6.9
Exploits: 0
EUVD
added 2025/10/07 12:30 a.m., views: 2

EUVD-2021-12232

Malware in sbrugna...

CVSS: 4.3, AI score: 4.5, EPSS: 0.00049
Exploits: 0, References: 3
EUVD
added 2025/10/03 8:7 p.m., views: 2

EUVD-2023-43230

Malicious code in bioql (PyPI)...

CVSS: 6.1, AI score: 5.2, EPSS: 0.00089
Exploits: 0, References: 1
EUVD
added 2025/10/03 8:7 p.m., views: 2

EUVD-2022-35449

Malicious code in bioql (PyPI)...

CVSS: 8, AI score: 7.9, EPSS: 0.00365
Exploits: 0, References: 3
EUVD
added 2025/10/03 8:7 p.m., views: 2

EUVD-2022-35448

Malicious code in bioql (PyPI)...

CVSS: 8.8, AI score: 8.6, EPSS: 0.00373
Exploits: 0, References: 3
EUVD
added 2025/10/03 8:7 p.m., views: 3

EUVD-2022-35450

Malicious code in bioql (PyPI)...

CVSS: 6.5, AI score: 6.7, EPSS: 0.00125
Exploits: 0, References: 3
EUVD
added 2025/10/03 8:7 p.m., views: 3

EUVD-2023-40557

Malicious code in bioql (PyPI)...

CVSS: 7.5, AI score: 7.6, EPSS: 0.00291
Exploits: 1, References: 1
OSV
added 2025/08/29 12:14 p.m., views: 3

MAL-2025-191778 Malicious code in kraken123 (PyPI)

Source: kam193 (dc2f76a61af953726f4fc219f725013ce8b477860b47433b7fc0444994ffcfd5). As even described, the package contains a malicious code collecting large amount of data. The description suggests educational use, yet, the code can cause rea...

AI score: 6.9
Exploits: 0, References: 1
OSSF Malicious Packages
added 2025/08/10 2:59 p.m., views: 2

Malicious code in tronapihelper (PyPI)

Source: kam193 (8668b25d81460ff9ac1973c8f9ad6e6092350a4a08d6a4b5ba1fc827a553dc38). Package is prepared to exfiltrate private keys, most probably for Tron cryptocurrency. There is no other purpose of the package --- Category: MALICIOUS - The...

AI score: 7
Exploits: 0, References: 1
Debian CVE
added 2025/05/22 9:59 a.m., views: 8

CVE-2025-4280

MacOS version of Poedit bundles a Python interpreter that inherits the Transparency, Consent, and Control (TCC) permissions granted by the user to the main application bundle. An attacker with local user access can invoke this interpreter with arbitrary commands or scripts, leveraging the...

CVSS: 4.8, AI score: 5.6, EPSS: 0.00064
Exploits: 0
RedhatCVE
added 2025/05/22 7:20 a.m., views: 3

CVE-2017-17553

The Dolphin Browser for Android 12.0.2 suffers from an insecure parsing implementation of the Intent URI scheme. This vulnerability could allow attackers to abuse this implementation through a malicious Intent URI, in order to invoke private Activities within the Dolphin Browser...

CVSS: 5.3, AI score: 6.8, EPSS: 0.00232
Exploits: 0, References: 1
The Hacker News
added 2024/09/25 11:20 a.m., views: 12

Expert Tips on How to Spot a Phishing Link

Phishing attacks are becoming more advanced and harder to detect, but there are still telltale signs that can help you spot them before it's too late. See these key indicators that security experts use to identify phishing links: 1. Check Suspicious URLs Phishing URLs are often long, confusing, o...

AI score: 7.2
Exploits: 0
Malwarebytes
added 2023/12/28 9:0 a.m., views: 21

4 sneaky scams from 2023

In 2023, the public primarily confronted two varieties of online scams: the technical and the topical. Technical scams abuse legitimate aspects of modern internet infrastructure to lead users to illegitimate or compromised sites. A team of hackers can, say, boost their own info-stealing websites...

AI score: 7.1
Exploits: 0
Positive Technologies
added 2023/12/07 12:0 a.m., views: 1

PT-2023-30838 · Unknown · Keychainactivity Application

Name of the Vulnerable Software and Affected Versions: KeyChainActivity Application (affected versions not specified). Description: The issue is related to missing permission checks, resulting in unauthorized access and manipulation in the KeyChainActivity Application. This allows an attacker to...

CVSS: 9.8, AI score: 8.9, EPSS: 0.00056
Exploits: 0, References: 7
The Hacker News
added 2023/02/23 6:25 a.m., views: 56

Python Developers Warned of Trojanized PyPI Packages Mimicking Popular Libraries

Cybersecurity researchers are warning of "imposter packages" mimicking popular libraries available on the Python Package Index (PyPI) repository. The 41 malicious PyPI packages have been found to pose as typosquatted variants of legitimate modules such as HTTP, AIOHTTP, requests, urllib, and urllib...

Exploits: 0
Tenable Nessus
added 2022/11/13 12:0 a.m., views: 37

FreeBSD : Grafana -- Privilege escalation (6eb6a442-629a-11ed-9ca2-6c3be5272acd)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 6eb6a442-629a-11ed-9ca2-6c3be5272acd advisory. - Grafana is an open-source platform for monitoring and observability. Versions prior to 9.2.4, or 8.5....

CVSS: 8.1, AI score: 7.9, EPSS: 0.00415
Exploits: 0, References: 3
Prion
added 2022/11/09 10:15 p.m., views: 20

Input validation

Grafana is an open-source platform for monitoring and observability. Versions prior to 9.2.4, or 8.5.15 on the 8.X branch, are subject to Improper Input Validation. Grafana admins can invite other members to the organization they are an admin for. When admins add members to the organization, non...

CVSS: 5.8, AI score: 7.7, EPSS: 0.00415
Exploits: 0, References: 2, Affected Software: 1