MAL-2026-4323 Malicious code in nba-cdn-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a6472220c5bb80d934ccb360b63359201b4f8e203bc8c173b27cd4181c15964b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-4322 Malicious code in nba-blocker-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3f1fe232a9f7f60759e2b252db2948228245fa7ee3881d1fb5e3954a2ca3bcf1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in nba-cdn-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a6472220c5bb80d934ccb360b63359201b4f8e203bc8c173b27cd4181c15964b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious Package

Overview nba-cdn-plugin is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

MAL-2025-160159 Malicious code in masako-males-nba (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector badd7023af3e2302abd0fca71841b2848846cd69f3bb0e467ded91d010619177 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2014-6578

Malware in sbrugna...

Malicious code in nba-node (npm)

The package nba-node was found to contain malicious code...

Malicious code in lakers-shop---nba-jersey (npm)

The package lakers-shop---nba-jersey was found to contain malicious code...

MAL-2025-27127 Malicious code in nba-node (npm)

The package nba-node was found to contain malicious code...

Malicious code in knicks-store---nba-jersey (npm)

The package knicks-store---nba-jersey was found to contain malicious code...

ak-static-int.nba.com Cross Site Scripting vulnerability OBB-3849730

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

A week in security (March 20 - 26)

Last week on Malwarebytes Labs: How to avoid potentially unwanted programs "ViLE" members posed as police officers and extorted victims Google reveals 18 chip vulnerabilities threatening mobile, wearables, vehicles A look at a Magecart skimmer using the Hunter obfuscator The NBA tells fans about...

The NBA tells fans about data breach

The National Basketball Association NBA has notified its fans they may be affected by a data breach in a third-party service the organization uses. For now, it is safe to assume that the attacker only obtained names and email addresses, but the NBA has hired the services of external cybersecurity...

October 18, 2017 – Morning Cyber Coffee Headlines – “NBA” Edition

Good morning! Sit with Carbon Black this morning over a cup of coffee or tea and browse a few industry headlines to get the day started. We’ve got just enough information below to get you through that first cup…enjoy! October 18, 2017 - Headlines Carbon Black in the News: Australia’s breach...

nba.com XSS vulnerability

Vulnerable URL: http://www.nba.com/components/EmailAStoryToAFriend.html?articleURL=http://www.nba.com/tvprograms/courtsidecountdown.html?nav=1=%22%3E%3Csvg/onload=alert/XSSPOSED/%3E Details: Description| Value ---|--- Patched:| Yes, at 07.12.2017 Latest check for patch:| 07.12.2017 07:57 GMT...

NBA app - Dangerous filesystem permissions, Exported ContentProvider, Hardcoded secrets vulnerabilities

HackApp vulnerability scanner discovered that application NBA app published at the 'play' market has multiple vulnerabilities...

fans.heat.nba.com Open Redirect vulnerability

Vulnerable URL: http://fans.heat.nba.com/community/login/?loginProcess=twitter=aHR0cHM6Ly93d3cub3BlbmJ1Z2JvdW50eS5vcmcv= Details: Description| Value ---|--- Patched:| No Latest check for patch:| 30.07.2017 Vulnerability type:| Open Redirect Vulnerability status:| Publicly disclosed Alexa Rank|...

NBA LIVE Mobile - Base64 encoded String, Customized SSL, Redefined SSL Common Names verifier vulnerabilities

HackApp vulnerability scanner discovered that application NBA LIVE Mobile published at the 'play' market has multiple vulnerabilities...

The Official NBA Quiz - Customized SSL, Dangerous filesystem permissions, Insecure KeyStore vulnerabilities

HackApp vulnerability scanner discovered that application The Official NBA Quiz published at the 'play' market has multiple vulnerabilities...

NBA All Net - Base64 encoded String, Customized SSL, Dangerous filesystem permissions vulnerabilities

HackApp vulnerability scanner discovered that application NBA All Net published at the 'play' market has multiple vulnerabilities...