35 matches found
EUVD-2026-21895
A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows allows a local Windows administrator to disable the agent. This issue may be leveraged by malware to perform malicious activity without detection...
CVE-2026-0232 Cortex XDR Agent: Local Administrator can disable the agent on Windows
A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows allows a local Windows administrator to disable the agent. This issue may be leveraged by malware to perform malicious activity without detection...
EUVD-2026-11249
A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on macOS allows a local administrator to disable the agent. This issue could be leveraged by malware to perform malicious activity without detection...
CVE-2026-0230
A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on macOS allows a local administrator to disable the agent. This issue could be leveraged by malware to perform malicious activity without detection...
CVE-2026-0230 Cortex XDR Agent: Local Administrator can disable the agent on macOS
A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on macOS allows a local administrator to disable the agent. This issue could be leveraged by malware to perform malicious activity without detection...
CVE-2026-0230
A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on macOS allows a local administrator to disable the agent. This issue could be leveraged by malware to perform malicious activity without detection...
Malicious code in ilal-poke20 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5e2aba21af28a3b95d95492fdbd73d11afb668d46d64cf16c53cadc8941b2e41 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-167692 Malicious code in teagood-namakai38 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2a68fa02524749f958eb11fdb3e6736386fea45da0055a6a7e6004170a6d0b0e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-118917 Malicious code in bella-lapis14-breki (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1446e67826d345734a6b3e6c3d1a980485e25249d5f124c10639144adc72f542 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in teherbal-tea (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fde2e2e3da2788e53a5c3687892652b83117b6f3c79c3e8ce5eb6a2667a1b8c8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-87390 Malicious code in kresna-brongkos1-miaww (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 73db9bf4b8fefc36231554be7cf80d54899a145d8cce17d16713a71d335c8a4d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in jaja-mendut94-sluey (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2c34d2792b10b4d5a193e8edfdfc5fd2c5b9e54c7611f36db2c72367fffe36d9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Active Water Saci Campaign Spreading Via WhatsApp Features Multi-Vector Persistence and Sophisticated C&C
Continuous investigation on the Water Saci campaign reveals innovative email-based C&C system, multi-vector persistence, and real-time command capabilities that allow attackers to orchestrate coordinated botnet operations, gather detailed campaign intelligence, and dynamically control malware...
Malicious code in ark-experience (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3390fa937ce615a9cf2e911edd90f9f2e03376c02c4a2f1642d3c9a9fdd4f291 Any computer that has this package installed or running should be considered...
MAL-2025-48368 Malicious code in ios-signing-common (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2bfb96a60459a153a9a22586c87b5bf6e35ecf604760a4de43b056c3de5127f6 Any computer that has this package installed or running should be considered...
EUVD-2025-15139
Malicious code in bioql PyPI...
MAL-2025-47409 Malicious code in sbrugna (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2b3eb6e4038d15cc9e9407d28d2c69d0217e22a392a0fe3305ee324be95d9f75 Any computer that has this package installed or running should be considered...
Malicious code in github-socket-worker (npm)
The package communicates with a domain associated with malicious activity...
Malicious code in so-demo (npm)
The package communicates with a domain associated with malicious activity...
CVE-2025-0121
A null pointer dereference vulnerability in the Palo Alto Networks Cortex® XDR agent on Windows devices allows a low-privileged local Windows user to crash the agent. Additionally, malware can use this vulnerability to perform malicious activity without Cortex XDR being able to detect it...