MAL-2025-192201 Malicious code in elf-stats-merry-garland-548 (npm)
Source: amazon-inspector f5b0446bc7b428d52a072e60b18969e2e9b35f19d70d6a77bc8176e76dd14506. The package elf-stats-merry-garland-548 was found to contain malicious code. Source: ossf-package-analysis...
MAL-2025-47906 Malicious code in react-rails-builds (npm)
Source: ossf-package-analysis 5ca9cbf4678da8852200af1f665bf8afcc0debbef676c368fb9d4b762f058be1. The OpenSSF Package Analysis project identified 'react-rails-builds' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...
Malicious code in code-processor (npm)
The package communicates with a domain associated with malicious activity...
Malicious code in cycalculator-ybvd (npm)
The package communicates with a domain associated with malicious activity...
Malicious code in ifood-docusaurus-theme (npm)
The package communicates with a domain associated with malicious activity...
Malicious code in plide (npm)
The package communicates with a domain associated with malicious activity...
Malicious code in syf-api (npm)
The package communicates with a domain associated with malicious activity. Source: ghsa-malware a36b5dfd63736b61215e259a345ecf4691a6553267af52ff5485d1e5a8889c81. Any computer that has this package installed or running should be considered...
Malicious code in trigger-gitlab-pipeline (npm)
The package communicates with a domain associated with malicious activity...
Malicious code in dummy-loosesight-gc (npm)
Source: ghsa-malware f78553519ec74b4ac5b242e553f94941b613be837aafdbfebf10f45f36dbdad5. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in babetmf (PyPI)
Source: kam193 987c4add9b19c89eba1cda6d715fd3c23f6dce61861e1d345ddedccac23e73ee. A campaign of probably pentest packages flooding PyPI. Installing the package or importing the module triggers reporting basic info like hostname, path and the...
5 Techniques for Collecting Cyber Threat Intelligence
To defend your organization against cyber threats, you need a clear picture of the current threat landscape. This means constantly expanding your knowledge about new and ongoing threats. There are many techniques analysts can use to collect crucial cyber threat intelligence. Let's consider five...
MAL-2024-7680 Malicious code in sap-bigger (npm)
Source: ossf-package-analysis 49ce1a4e6530cdac3d952e9fcaac5dff16e940cb79d6c1e0f5216c3aad04613d. The OpenSSF Package Analysis project identified 'sap-bigger' @ 0.0.0 npm as malicious. It is considered malicious because: - The package...
MAL-2023-1317 Malicious code in tempomati-omega-69-emcuf7 (npm)
Source: ossf-package-analysis a012c605870034511688f664880e997bc8423cd7707f3de28326adc144f4fb4a. The OpenSSF Package Analysis project identified 'tempomati-omega-69-emcuf7' @ 1.0.0 npm as malicious. It is considered malicious because: - The...
The Shady Secrets of Shadow Networks
Shadow networks are side channels to traditional networks, undetected and working quietly in the background alongside what the traditional network was designed to do. Command and Control (C2) servers maintain links with compromised endpoints (IoT devices, PCs, printers, etc.) within a...
One year later: The VPNFilter catastrophe that wasn't
Cisco Talos first disclosed the existence of VPNFilter on May 23, 2018. The malware made headlines across the globe, as it was a sophisticated piece of malware developed by a nation state, infecting half a million devices, and poised to cause havoc. Yet the attack was averted. The attacker’s...
Flaw in Twitter form may have been abused by nation states
Twitter announced in a blog post on Monday that they discovered and addressed a security flaw on one of their support forms. The discovery was made on November 15 — more than a month ago — and was promptly fixed the next day. From the Twitter blog on this issue: We have become aware of an issue...
FakeNet-NG: Next Generation Dynamic Network Analysis Tool
As a reverse engineer on the FLARE (FireEye Labs Advanced Reverse Engineering) team, I regularly perform basic dynamic analysis of malware samples. The goal is to quickly observe runtime characteristics by running binaries in a safe environment. One important task during dynamic analysis is to...
IcoScript RAT Malware Communicates Via Yahoo! Mail
A new remote administration Trojan (RAT) receives command and control instructions through Yahoo Mail, and could be easily modified to communicate with its authors through Gmail or other popular webmail providers. This new RAT’s significance stems primarily from its ability to elude the notice of...