1135920 matches found
Microsoft at Black Hat USA 2026: Defending trust in the age of AI and supply chain attacks
In this article 1. Weston on the future of defense 2. Our latest intelligence and response on npm supply chain attacks 3. Follow the research in the Black Hat Briefings 4. Go deeper in Microsoft sessions 5. Visit booth 2144 for research, community, and hands-on defense 6. Plan your week with...
Malicious code in govpkg (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 736ef874636ee77d0a5007dea41ad6329e0d5523bfeb5254930985f451a6f6f6 When using the provided functionality, the package silently downloads a malicious executable and ensures its persistence disguised as a system service. The...
Malicious code in easyway2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis b70fe150bb8d389d4b3f437dff96763448359cafed12db8139236f3d40b88565 The OpenSSF Package Analysis project identified 'easyway2' @ 1.0.3 npm as malicious. It is considered malicious because: - The package...
MAL-2026-10769 Malicious code in easyway2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis b70fe150bb8d389d4b3f437dff96763448359cafed12db8139236f3d40b88565 The OpenSSF Package Analysis project identified 'easyway2' @ 1.0.3 npm as malicious. It is considered malicious because: - The package...
RLSA-2026:40895 Important: jackson-annotations, jackson-core, jackson-databind, jackson-jaxrs-providers, and jackson-modules-base security update
The general-purpose data-binding functionality and tree-model for Jackson Data Processor. It builds on core streaming parser/generator package, and uses Jackson Annotations for configuration. Security Fixes: jackson-databind: Jackson-databind: Security bypass allows arbitrary code execution...
jackson-annotations, jackson-core, jackson-databind, jackson-jaxrs-providers, and jackson-modules-base security update
An update is available for jackson-modules-base, jackson-databind, jackson-jaxrs-providers, jackson-annotations, jackson-core. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...
ROOT-OS-DEBIAN-11-CVE-2026-27171 CVE-2026-27171 in rootio-zlib - Patched by Root
Root has patched CVE-2026-27171 in the rootio-zlib package for Root:Debian:11. Multiple fixed versions available...
ROOT-OS-DEBIAN-11-CVE-2023-45853 CVE-2023-45853 in rootio-zlib - Patched by Root
Root has patched CVE-2023-45853 in the rootio-zlib package for Root:Debian:11. Multiple fixed versions available...
Malicious code in trongridev (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 2db83ccb7d07bdacd1bdf7c32fbaa2a7fb40d7bd599e315f25265ca4bb9d3c03 Package appears to be designed for private key exfiltration, but no known usage. The name appears to be related to the cryptocurrency TRX Tron / Tronix. Some...
MAL-2026-10768 Malicious code in trongridev (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 2db83ccb7d07bdacd1bdf7c32fbaa2a7fb40d7bd599e315f25265ca4bb9d3c03 Package appears to be designed for private key exfiltration, but no known usage. The name appears to be related to the cryptocurrency TRX Tron / Tronix. Some...
ROOT-APP-PYPI-CVE-2026-32274 CVE-2026-32274 in rootio-black - Patched by Root
Root has patched CVE-2026-32274 in the rootio-black package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2024-21503 CVE-2024-21503 in rootio-black - Patched by Root
Root has patched CVE-2024-21503 in the rootio-black package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-9595 CVE-2026-9595 in @rootio/webpack-dev-server - Patched by Root
Root has patched CVE-2026-9595 in the @rootio/webpack-dev-server package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2025-30359 CVE-2025-30359 in @rootio/webpack-dev-server - Patched by Root
Root has patched CVE-2025-30359 in the @rootio/webpack-dev-server package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2025-30360 CVE-2025-30360 in @rootio/webpack-dev-server - Patched by Root
Root has patched CVE-2025-30360 in the @rootio/webpack-dev-server package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-6402 CVE-2026-6402 in @rootio/webpack-dev-server - Patched by Root
Root has patched CVE-2026-6402 in the @rootio/webpack-dev-server package for Root:npm. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2021-47621 CVE-2021-47621 in io.root.io.github.classgraph:classgraph - Patched by Root
Root has patched CVE-2021-47621 in the io.root.io.github.classgraph:classgraph package for Root:Maven. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-41907 CVE-2026-41907 in @rootio/uuid - Patched by Root
Root has patched CVE-2026-41907 in the @rootio/uuid package for Root:npm. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2023-6481 CVE-2023-6481 in io.root.ch.qos.logback:logback-core - Patched by Root
Root has patched CVE-2023-6481 in the io.root.ch.qos.logback:logback-core package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2025-11226 CVE-2025-11226 in io.root.ch.qos.logback:logback-core - Patched by Root
Root has patched CVE-2025-11226 in the io.root.ch.qos.logback:logback-core package for Root:Maven. Multiple fixed versions available...