Lucene search
K

13 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 3:25 p.m.6 views

Malicious code in chalk-ultra (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9a219b45c3fdcdb883eeb2c7e74d20060af2c788865e7925f911e40276dcd631 chalk-ultra is published under a name that mimics the widely-used chalk package, but its main is a verbatim copy of nodemailer source and its...

5.9AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/15 3:10 p.m.11 views

Malicious code in ing-feat-itsme-oidc-authentication (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 175d0dba1f70bc84bcd4e29b57e0f7831248582614cd146af7d1ea6d1d057cd5 On npm install, package.json's preinstall hook executes poc.js, which collects os.hostname, os.userInfo.username, process.cwd, and process.platform,...

5.3AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/21 2:49 p.m.11 views

Malicious code in pgrayy-wasmtime (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e7c9cfd90d6de2acd86d50019dfa4a2b140ac9246fdcbae8d7aaa3d17bd4af6e The distribution is published as pgrayy-wasmtime but its toplevel.txt declares the top-level import name as wasmtime, and the entire Python source tr...

5.9AI score
Exploits0References2
Snyk
Snyk
added 2026/04/06 10:0 p.m.5 views

Malicious Package

Overview dev-log-core is a malicious package. This package is the part of North Korea’s Contagious Interview Campaign and contains malicious payload, weaponised to steal credentials, wallets, and enable remote access to affected systems. The package attempts to mimic a legitimate package and the...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/06 10:0 p.m.3 views

Malicious Package

Overview apachelicense is a malicious package. This package is the part of North Korea’s Contagious Interview Campaign and contains malicious payload, weaponised to steal credentials, wallets, and enable remote access to affected systems. The package attempts to mimic a legitimate package and the...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/06 10:0 p.m.3 views

Malicious Package

Overview license-utils-kit is a malicious package. This package is the part of North Korea’s Contagious Interview Campaign and contains malicious payload, weaponised to steal credentials, wallets, and enable remote access to affected systems. The package attempts to mimic a legitimate package and...

9.8CVSS5.8AI score
Exploits0References2
The Hacker News
The Hacker News
added 2026/02/26 10:9 a.m.11 views

Malicious StripeApi NuGet Package Mimicked Official Library and Stole API Tokens

Cybersecurity researchers have disclosed details of a new malicious package discovered on the NuGet Gallery, impersonating a library from financial services firm Stripe in an attempt to target the financial sector. The package, codenamed StripeApi.Net, attempts to masquerade as Stripe.net, a...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2025/01/27 7:59 a.m.11 views

GamaCopy Mimics Gamaredon Tactics in Cyber Espionage Targeting Russian Entities

A previously unknown threat actor has been observed copying the tradecraft associated with the Kremlin-aligned Gamaredon hacking group in its cyber attacks targeting Russian-speaking entities. The campaign has been attributed to a threat cluster dubbed GamaCopy , which is assessed to share overla...

7.2AI score
Exploits0
Snyk
Snyk
added 2024/11/22 8:7 a.m.1 views

Malicious Package

Overview claudeai-eng is a malicious package. This package mimics a tool for working with Claude, silently exfiltrating data and compromising developer environments. Remediation Avoid using all malicious instances of the claudeai-eng package. References - Vulnerability Report Credit: Leonid...

9.8CVSS6.9AI score
Exploits0References2
Securelist
Securelist
added 2024/11/06 10:0 a.m.19 views

New SteelFox Trojan mimics software activators, stealing sensitive data and mining cryptocurrency

Introduction In August 2024, our team identified a new crimeware bundle, which we named "SteelFox". Delivered via sophisticated execution chains including shellcoding, this threat abuses Windows services and drivers. It spreads via forums posts, torrent trackers and blogs, imitating popular...

7.8CVSS7.7AI score0.00605EPSS
Exploits2
HackRead
HackRead
added 2024/03/02 1:12 p.m.18 views

New Bifrost RAT Variant Targets Linux Devices, Mimics VMware Domain

By Waqas Bifrost RAT, also known as Bifrose, was originally identified two decades ago in 2004. This is a post from HackRead.com Read the original post: New Bifrost RAT Variant Targets Linux Devices, Mimics VMware Domain...

7.3AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/02/22 6:31 p.m.46 views

Xenomorph banking Trojan downloaded over 50,000 times from Play Store

Besides the name of the creature that “stars” in the Alien movies by 20th Century Fox, Xenomorph is also the name given to an Android banking Trojan. Researchers found this banking Trojan to be distributed on the official Google Play Store, with more than 50,000 installations. The researchers...

2.4AI score
Exploits0
Nmap
Nmap
added 2010/12/13 6:0 p.m.144 views

netbus-version NSE Script

Extends version detection to detect NetBuster, a honeypot service that mimes NetBus. Example Usage nmap -sV -p 12345 --script netbus-version Script Output 12345/tcp open netbus Netbuster honeypot Requires nmap shortport stdnse local nmap = require "nmap" local shortport = require "shortport" loca...

10CVSS9.3AI score0.99448EPSS
Exploits33
Rows per page
Query Builder