Lucene search
K

216 matches found

Snyk
Snyk
added 2026/05/31 9:0 p.m.9 views

Malicious Package

Overview @cloudplatform-single-spa/pangolin is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
added 2026/05/31 9:0 p.m.10 views

Malicious Package

Overview @cloudplatform-single-spa/ml-inference-comfy-run is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
added 2026/05/31 9:0 p.m.10 views

Malicious Package

Overview @cloudplatform-single-spa/ml-finetuning is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organizatio...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
added 2026/05/31 9:0 p.m.9 views

Malicious Package

Overview @car-loans/close-flow-module is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
added 2026/05/31 9:0 p.m.10 views

Malicious Package

Overview @cloudplatform-single-spa/vpc-endpoint is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
added 2026/05/31 9:0 p.m.6 views

Malicious Package

Overview @cloudplatform-single-spa/vmware-draas is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization...

9.8CVSS5.9AI score
Exploits0References2
Malwarebytes
Malwarebytes
added 2026/05/26 1:7 p.m.14 views

Fake software on GitHub and SourceForge distribute Deno RAT

During our threat hunting activities, we found fake installers and plugins impersonating popular software including ChatGPT, Claude, AutoTune, and Kontakt on GitHub and SourceForge distributing a Deno backdoor known as DinDoor. Attackers are using compromised YouTube channels to distribute links ...

6AI score
Exploits0
OSV
OSV
added 2026/05/06 12:0 a.m.10 views

MAL-2026-3609 Malicious code in forge-jsxy (npm)

forge-jsxy is a malicious npm package part of the same campaign as forge-jsx. It typosquats the name by appending a 'y' and carries an identical fake description 'Node.js integration layer for Autodesk Forge' to impersonate a legitimate Autodesk Forge SDK. The package is a fully-formed RAT deploy...

5.6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/24 6:55 p.m.8 views

Malicious code in swampo (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 7b8e193e75e6ca7d387f21b53c251e6ee8791d9ec4ca3f37099e765415d36157 Multi-stage dropper. The "analytics" functionality fetches fake updates information that should contain the next URL. From it, a yet another URL is downloaded,...

5.4AI score
Exploits0References1
OSV
OSV
added 2026/04/24 6:55 p.m.5 views

MAL-2026-3031 Malicious code in swampo (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 7b8e193e75e6ca7d387f21b53c251e6ee8791d9ec4ca3f37099e765415d36157 Multi-stage dropper. The "analytics" functionality fetches fake updates information that should contain the next URL. From it, a yet another URL is downloaded,...

5.5AI score
Exploits0References1
The Hacker News
The Hacker News
added 2026/04/20 1:41 p.m.15 views

⚡ Weekly Recap: Vercel Hack, Push Fraud, QEMU Abused, New Android RATs Emerge & More

Monday’s recap shows the same pattern in different places. A third-party tool becomes a way in, then leads to internal access. A trusted download path is briefly swapped to deliver malware. Browser extensions act normally while pulling data and running code. Even update channels are used to push...

10CVSS8AI score0.9987EPSS
Exploits67
HackRead
HackRead
added 2026/04/15 8:36 a.m.7 views

Active HanGhost Loader Campaign Targets Enterprise Payment and Logistics Workflows

Active HanGhost Loader campaign targets enterprise payment and logistics workflows with fileless attacks, multi-stage execution, and stealthy malware delivery...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/04/06 4:24 p.m.7 views

DPRK-Linked Hackers Use GitHub as C2 in Multi-Stage Attacks Targeting South Korea

Threat actors likely associated with the Democratic People's Republic of Korea DPRK have been observed using GitHub as command-and-control C2 infrastructure in multi-stage attacks targeting organizations in South Korea. The attack chain, per Fortinet FortiGuard Labs, involves obfuscated Windows...

6.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/06 12:0 a.m.5 views

SigCorr 0.1.0

SigCorr detects cross-protocol attack chains spanning SS7/MAP, Diameter S6a, and GTPv2-C interfaces in mobile core networks. It performs unified subscriber identity correlation across protocol boundaries to detect multi-stage attacks that single-interface monitors miss. It is written in Java 17 a...

5.8AI score
Exploits0
Cvelist
Cvelist
added 2026/04/05 6:0 p.m.28 views

CVE-2026-5586 zhongyu09 openchatbi Multi-stage Text2SQL Workflow sql injection

A vulnerability was determined in zhongyu09 openchatbi up to 0.2.1. The impacted element is an unknown function of the component Multi-stage Text2SQL Workflow. Executing a manipulation of the argument keywords can lead to sql injection. The attack may be launched remotely. The exploit has been...

6.5CVSS0.00256EPSS
Exploits0References6
Circl
Circl
added 2026/03/27 4:45 p.m.6 views

CVE-2026-26189

creationtimestamp| type| source ---|---|--- 2026-03-27 16:45:04+00:00| seen| https://www.acn.gov.it/portale/w/attacco-multistadio-alla-supply-chain-ci/cd-e-iniezione-di-codice-malevolo...

8.1CVSS6AI score0.01298EPSS
Exploits0References1
Malwarebytes
Malwarebytes
added 2026/03/20 11:38 a.m.6 views

That “job brief” on Google Forms could infect your device

We've identified a campaign using business-related lures, such as job interviews, project briefs, and financial document, to distribute malware, including the PureHVNC Remote Access Trojan RAT. It's not the malware that's new, but how the attack starts. Instead of the usual phishing email or fake...

6AI score
Exploits0
Trend Micro Simply Security
Trend Micro Simply Security
added 2026/03/19 12:0 a.m.5 views

Copyright Lures Mask a Multi‑Stage PureLog Stealer Attack on Key Industries

We look into a stealthy multi‑stage attack campaign that delivers PureLog Stealer entirely in memory using encrypted, fileless techniques...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/03/17 12:0 a.m.6 views

DeepStage: Learning Autonomous Defense Policies against Multi-Stage APT Campaigns

This paper presents DeepStage, a deep reinforcement learning DRL framework for adaptive, stage-aware defense against Advanced Persistent Threats APTs. The enterprise environment is modeled as a partially observable Markov decision process POMDP, where host provenance and network telemetry are fus...

5.8AI score
Exploits0
Trellix
Trellix
added 2026/03/11 12:0 a.m.8 views

Fileless Multi-Stage Remcos RAT: From Phishing to Memory-Resident Execution

Fileless Multi-Stage Remcos RAT: From Phishing to Memory-Resident Execution By Madhini Muralidharan · March 11, 2026 Traditional malware campaigns rely heavily on dropping executable files to disk—artifacts that defenders can scan, quarantine, and analyze with signature-based security tools. Mode...

6.3AI score
Exploits0
Rows per page
Query Builder