18 matches found
The Back Door Attackers Know About — and Most Security Teams Still Haven’t Closed
Every AI tool, workflow automation, and productivity app your employees connected to Google or Microsoft this year left something behind: a persistent OAuth token with no expiration date, no automatic cleanup, and in most organizations, no one watching it. Your perimeter controls don't see it. Yo...
MAL-2026-2848 Malicious code in @than-xs/libsignal-node (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c613873d188e4ec1b5e30520478eb5e162c8f2b10cad3dd50e0973d9ca925034 The package @than-xs/libsignal-node was found to contain malicious code. Source: ghsa-malware...
MAL-2026-431 Malicious code in testpkg-yilider690 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b24877bbf4fcd353c066c4597f200a64f940b5f419e09fd932be5add60e2ed95 The package testpkg-yilider690 was found to contain malicious code. Source: ghsa-malware...
WordPress Kunze Law plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress Kunze Law plugin, which originates from obtaining HTML content from a remote server and injecting it into a page...
Malicious code in confluent-kafka (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 80f8f3691acc10147a767bd08facab31e59a8acfb8d38c89df1400e263cc6f8f The package confluent-kafka was found to contain malicious code. Source: ghsa-malware 135e8cf2cd5582b8ed8562c5f5ccfd1cf7265319ad340463b750b75e341858e...
Malicious code in workflows-enterprise (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7b771d1114b155b3dc1b86df3009f418d2291384328cfa8c9f0b0d35e7808b19 Any computer that has this package installed or running should be considered...
Malicious code in redirect-57j5wb (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1d73657b4f9f61a0b3a6e7bee705c52a3394efb6c4c65cfc4d1807ad9da91091 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in react-svg-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware af2a1717363aad3bb129687fc2526ded4d96a8d7e578862b6d400cf5864e1985 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in productprovisionserv (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 75dad0f6babf96cfb4a95d824bca2147c16179c9da17c388ca7bdac5d76d8f96 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in amazon-codewhisperer-jupyterlab-ext (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8a4e17673b58fae37b25deaea3bf55c6fdb9a69285dde321917e6e775d7cdf57 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in trufflevscode (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bf08d3952be6248181a39013b0923365cf27f422f56a1e3ca9addb9d8099e452 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @diotoborg/doloribus-sapiente-voluptatum (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5a658dcbe3ce6846f4c71b1d459554d2ee4a1ccc9326a6d30d7fcdf47c4b293a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @awesome-astra/integrations (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 90df5c315cd0f716f906b96b9472e378345b1862657df527b2b3c152ca1d3005 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in dhi-lambda-toolkit (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3351ebceada844e3c37823d1758b1dc0dde8032ecee467287317086cdc5b3d01 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in internallib_v199 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b392ff5b77259a428780d2bb24529596a239226553a8ece97f4c9158fcf2fdcd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in google-iot-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9b6b3105c3a643952ccd44dddd3ed028de61de359b2072023d06603b08279588 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @harrysforge/accordion (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 74b51de5e7691281a1f8cdd58f14ede06abe6301714e67a7f8e5242c6c252d8d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Gitmails - An Information Gathering Tool To Colect Git Commit Emails In Version Control Host Services
An information gathering tool to colect git commit emails in version control host services. Overview Gitmails explores that git commits contains a name and an email configured by the author and that version control host services are being used to store a lot of projects. What Gitmails does is:...