MAL-2026-5714 Malicious code in vite-plugin-logo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b107e832dfd60ded8637d9a6db69c980eae13bde79da4cd01d69c5a1110aca2b On require, index.js walks up to 5 parent directories searching for public/assets/logo.png, scans the file bytes for the marker VITEASSETCACHEv1,...

Malicious Package

Overview thebigyahu is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate advertisi...

Malicious Package

Overview crazynut is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate advertising...

Decentralized Threat: Stealthy P2P Cryptominer Targeting Ollama Endpoints

The Akamai SIRT uncovered a custom P2P Trojan masquerading as system activity. Learn how to detect and mitigate this stealthy Go-based cryptominer...

Malicious code in python-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5b94c01fae325c5f5e92abd5da03527c54e22bb48202b1dc8b3e2c64947753b2 package.json declares "preinstall": "./dist/typecheck.js". The referenced file is not JavaScript — it is a 5,224,556-byte Linux x86 ELF executable...

Malicious code in strapi-plugin-server (npm)

strapi-plugin-server is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network topology...

Malicious Package

Overview strapi-plugin-blurhash is a malicious package. This package contains malicious code that conceals a command-and-control agent and credential harvester. A malicious actor published a coordinated campaign of thirty-six packages disguised as community Strapi CMS plugins. These packages aren...

Malicious Rust Crate Delivers OS-Specific Malware to Web3 Developer Systems

Cybersecurity researchers have discovered a malicious Rust package that's capable of targeting Windows, macOS, and Linux systems, and features malicious functionality to stealthily execute on developer machines by masquerading as an Ethereum Virtual Machine EVM unit helper tool. The Rust crate,...

Dragon Breath Uses RONINGLOADER to Disable Security Tools and Deploy Gh0st RAT

The threat actor known as Dragon Breath has been observed making use of a multi-stage loader codenamed RONINGLOADER to deliver a modified variant of a remote access trojan called Gh0st RAT. The campaign, which is primarily aimed at Chinese-speaking users, employs trojanized NSIS installers...

EUVD-2000-0288

Malware in sbrugna...

EUVD-2001-1378

Malware in sbrugna...

EUVD-2009-1281

Malware in sbrugna...

p0wnedShell

This is an offensive PowerShell host application written in C that runs PowerShell commands and functions within a PowerShell runspace environment. It includes various offensive PowerShell modules and binaries to facilitate post-exploitation activities, such as bypassing mitigations and creating...

Malicious Package

Overview zpregister is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package appears to be part of a larger campaign targeting user credentials. It, and several other variations, masquerade as automation tools for...

CVE-2025-45997

Sourcecodester Web-based Pharmacy Product Management System v.1.0 has a file upload vulnerability. An attacker can upload a PHP file disguised as an image by modifying the Content-Type header to image/jpg...

CVE-2024-20497

A vulnerability in Cisco Expressway Edge Expressway-E could allow an authenticated, remote attacker to masquerade as another user on an affected system. This vulnerability is due to inadequate authorization checks for Mobile and Remote Access MRA users. An attacker could exploit this vulnerabilit...

MAL-2025-191834 Malicious code in pyinite (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 7ed8f43159750189f4cea17185b5ee087dda83db8574bf258010068c524fc723 File is designed to download, hide under system-like name, and run a remote executable, widely identified as malicious. --- Category: MALICIOUS - The campaign...

The Cost of Performance: Breaking ThreadX with Kernel Object Masquerading Attacks

Microcontroller-based IoT devices often use embedded real-time operating systems RTOSs. Vulnerabilities in these embedded RTOSs can lead to compromises of those IoT devices. Despite the significance of security protections, the absence of standardized security guidelines results in various levels...

CAIBA: Multicast Source Authentication for CAN through Reactive Bit Flipping

Controller Area Networks CANs are the backbone for reliable intra-vehicular communication. Recent cyberattacks have, however, exposed the weaknesses of CAN, which was designed without any security considerations in the 1980s. Current efforts to retrofit security via intrusion detection or message...

FlatPress 跨站脚本漏洞

FlatPress is a lightweight, easy-to-setup flat file blogging engine from the FlatPress open source. A cross-site scripting vulnerability exists in FlatPress, which stems from a JavaScript payload masquerading as a filename in the file upload function, which could lead to a cross-site scripting...