Prettier eslint-config-prettier Embedded Malicious Code Vulnerability

Prettier eslint-config-prettier contains an embedded malicious code vulnerability. Installing an affected package executes an install.js file that launches the node-gyp.dll malware on Windows...

CVE-2019-11687

An issue was discovered in the DICOM Part 10 File Format in the NEMA DICOM Standard 1995 through 2019b and continuing in current implementations. The 128-byte preamble of a DICOM file that complies with this specification can contain arbitrary executable headers for multiple operating systems,...

EUVD-2018-18503

Malware in sbrugna...

EUVD-2018-14340

Malware in sbrugna...

EUVD-2017-16789

Malware in sbrugna...

CVE-2023-28904

creationtimestamp| type| source ---|---|--- 2025-06-28 15:55:09+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/19813 2025-06-28 18:22:09+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lsorjqkqoa2m...

CVE-2025-30641

A link following vulnerability in the anti-malware solution portion of Trend Micro Deep Security 20.0 agents could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in...

CVE-2022-0989

An unprivileged user could use the functionality of the NS WooCommerce Watermark WordPress plugin through 2.11.3 to load images that hide malware for example from passing malicious domains to hide their trace, by making them pass through the vulnerable domain...

CVE-2018-15734

An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver file szkg64.sys contains an Arbitrary Write vulnerability due to not validating the output buffer address value from IOCtl 0x8000206B...

CVE-2010-3496

McAfee VirusScan Enterprise 8.5i and 8.7i does not properly interact with the processing of hcp:// URLs by the Microsoft Help and Support Center, which makes it easier for remote attackers to execute arbitrary code via malware that is correctly detected by this product, but with a detection...

Cortex XDR Agent: Local Windows User Can Disable the Agent

A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows non-administrative privileges to disable the agent. This vulnerability can also be leveraged by malware to disable the Cortex XDR agent and then perform malicious activit...

Backdoor.Win32.NetSpy.10 Heap Corruption

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/e677149c35cbba118655d9b133da8827.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.NetSpy.10 Vulnerability: Heap Corruption Description: The malware listens on TCP port...

A week in security (January 11 – January 17)

Last week on Malwarebytes Labs, we looked at IoT problems, Microsoft’s Patch Tuesday, and how cybercriminals want access to your cloud services. We also explored how VPNs can protect your privacy, and asked if MSPs have picked the right PSA. Other cybersecurity news Hot phishing targets: Some...

This Service Helps Malware Authors Fix Flaws in their Code

Almost daily now there is news about flaws in commercial software that lead to computers getting hacked and seeded with malware. But the reality is most malicious software also has its share of security holes that open the door for security researchers or ne'er-do-wells to liberate or else seize...

Decryption Utility Unlocks Files Encrypted by Jaff Ransomware

A weakness discovered in Jaff ransomware by researchers has led to the creation of decryption keys to unlock files locked by the malware. “We have found a vulnerability in Jaff’s code for all the variants to date. Thanks to this, it is now possible to recover users’ files encrypted with the .jaff...

Apple iOS 8.1.1 Fixes Several Code-Execution Flaws

Apple has patched 10 vulnerabilities in iOS, including a pair of bugs that allowed arbitrary code execution and one that enables an attacker to run random binaries on a target device. The patches come in iOS 8.1.1, a small update to the company’s mobile operating system. There are several serious...