Decentralized Threat: Stealthy P2P Cryptominer Targeting Ollama Endpoints

The Akamai SIRT uncovered a custom P2P Trojan masquerading as system activity. Learn how to detect and mitigate this stealthy Go-based cryptominer...

Malicious code in python-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5b94c01fae325c5f5e92abd5da03527c54e22bb48202b1dc8b3e2c64947753b2 package.json declares "preinstall": "./dist/typecheck.js". The referenced file is not JavaScript — it is a 5,224,556-byte Linux x86 ELF executable...

Malicious code in strapi-plugin-server (npm)

strapi-plugin-server is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network topology...

Malicious Package

Overview strapi-plugin-blurhash is a malicious package. This package contains malicious code that conceals a command-and-control agent and credential harvester. A malicious actor published a coordinated campaign of thirty-six packages disguised as community Strapi CMS plugins. These packages aren...

Malicious Rust Crate Delivers OS-Specific Malware to Web3 Developer Systems

Cybersecurity researchers have discovered a malicious Rust package that's capable of targeting Windows, macOS, and Linux systems, and features malicious functionality to stealthily execute on developer machines by masquerading as an Ethereum Virtual Machine EVM unit helper tool. The Rust crate,...

Dragon Breath Uses RONINGLOADER to Disable Security Tools and Deploy Gh0st RAT

The threat actor known as Dragon Breath has been observed making use of a multi-stage loader codenamed RONINGLOADER to deliver a modified variant of a remote access trojan called Gh0st RAT. The campaign, which is primarily aimed at Chinese-speaking users, employs trojanized NSIS installers...

EUVD-2000-0288

Malware in sbrugna...

EUVD-2001-1378

Malware in sbrugna...

EUVD-2009-1281

Malware in sbrugna...

p0wnedShell

This is an offensive PowerShell host application written in C that runs PowerShell commands and functions within a PowerShell runspace environment. It includes various offensive PowerShell modules and binaries to facilitate post-exploitation activities, such as bypassing mitigations and creating...

Malicious Package

Overview zpregister is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package appears to be part of a larger campaign targeting user credentials. It, and several other variations, masquerade as automation tools for...

CVE-2025-45997

Sourcecodester Web-based Pharmacy Product Management System v.1.0 has a file upload vulnerability. An attacker can upload a PHP file disguised as an image by modifying the Content-Type header to image/jpg...

CVE-2024-20497

A vulnerability in Cisco Expressway Edge Expressway-E could allow an authenticated, remote attacker to masquerade as another user on an affected system. This vulnerability is due to inadequate authorization checks for Mobile and Remote Access MRA users. An attacker could exploit this vulnerabilit...

MAL-2025-191834 Malicious code in pyinite (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 7ed8f43159750189f4cea17185b5ee087dda83db8574bf258010068c524fc723 File is designed to download, hide under system-like name, and run a remote executable, widely identified as malicious. --- Category: MALICIOUS - The campaign...

The Cost of Performance: Breaking ThreadX with Kernel Object Masquerading Attacks

Microcontroller-based IoT devices often use embedded real-time operating systems RTOSs. Vulnerabilities in these embedded RTOSs can lead to compromises of those IoT devices. Despite the significance of security protections, the absence of standardized security guidelines results in various levels...

CAIBA: Multicast Source Authentication for CAN through Reactive Bit Flipping

Controller Area Networks CANs are the backbone for reliable intra-vehicular communication. Recent cyberattacks have, however, exposed the weaknesses of CAN, which was designed without any security considerations in the 1980s. Current efforts to retrofit security via intrusion detection or message...

FlatPress 跨站脚本漏洞

FlatPress is a lightweight, easy-to-setup flat file blogging engine from the FlatPress open source. A cross-site scripting vulnerability exists in FlatPress, which stems from a JavaScript payload masquerading as a filename in the file upload function, which could lead to a cross-site scripting...

Arbitrary File Upload

Overview Affected versions of this package are vulnerable to Arbitrary File Upload via the mediapool/media page. An attacker can execute malicious code and potentially distribute malware by uploading a file with a modified filename and content-type to masquerade as a benign file type, then tricki...

Mozilla多款产品 安全漏洞

Mozilla Firefox and others are products of the Mozilla Foundation in the U.S.A. Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox web browser.Mozilla Thunderbird is a suite of e-mail client software that is separate from the Mozilla...

PT-2025-3702 · B&R · B&R Automation Runtime +1

Name of the Vulnerable Software and Affected Versions: B&R Automation Runtime versions prior to 6.1 B&R mapp View versions prior to 6.1 Description: A "Use of a Broken or Risky Cryptographic Algorithm" issue in the SSL/TLS component may be exploited by unauthenticated network-based attackers to...