7 matches found

The Hacker News
added 3 days ago, 13 views

Hijacked npm and Go Packages Use VS Code Tasks to Deploy Python Infostealer

Cybersecurity researchers have uncovered two hijacked npm packages and a cluster of Go packages that are designed to deploy a Python-based information stealer on compromised Windows, Linux, and macOS hosts. "This attack avoids the most common npm execution paths through lifecycle scripts, perhaps...

AI score: 6.3
Exploits: 0
The Hacker News
added 2026/06/15 7:32 p.m., 16 views

North Korean Hackers Are Turning Developer Tools Into Malware Delivery Channels

Cybersecurity researchers have flagged two malicious cyber campaigns that exhibit similarities with a persistent North Korean threat cluster known as Contagious Interview aka Famous Chollima, HexagonalRodent, and Void Dokkaebi. According to a report published by Proofpoint, the threat actor has...

AI score: 6.9
Exploits: 0
Cvelist
added 2026/06/05 3:19 p.m., 57 views

CVE-2026-48102 GHSL-2026-118: 7-Zip UDF Field OOB Read

7-Zip is a file archiver with a high compression ratio. Versions 9.11 through 26.00 contain a heap out-of-bounds read of up to 3 bytes in the UDF disc image handler's File Identifier Descriptor parser. In CFileId::Parse (CPP/7zip/Archive/Udf/UdfIn.cpp), after validating size 38 + idLen + impLen and...

CVSS: 3.1, EPSS: 0.00189
Exploits: 1, References: 1
ATTACKERKB
added 2026/04/21 4:8 p.m., 6 views

CVE-2026-40568

FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a stored cross-site scripting (XSS) vulnerability in the mailbox signature feature. The sanitization function Helper::stripDangerousTags (app/Misc/Helper.php:568) uses an incomplete blocklist of only four HTM...

CVSS: 8.5, AI score: 5.8, EPSS: 0.00238
Exploits: 0, References: 4, Affected Software: 1
Cvelist
added 2026/03/24 3:7 p.m., 18 views

CVE-2026-33335 Vikunja Desktop allows arbitrary local application invocation via unvalidated shell.openExternal

Vikunja is an open-source self-hosted task management platform. Starting in version 0.21.0 and prior to version 2.2.0, the Vikunja Desktop Electron wrapper passes URLs from window.open calls directly to shell.openExternal without any validation or protocol allowlisting. An attacker who can place ...

CVSS: 6.4, EPSS: 0.00248
Exploits: 1, References: 2
RedhatCVE
added 2025/12/18 11:36 p.m., 5 views

CVE-2025-68433

Zed, a code editor, has an arbitrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Model Context Protocol (MCP) configurations from the settings.json file located within a project’s .zed subdirectory. A malicious MCP configuration can contain arbitrary shell...

CVSS: 7.7, AI score: 7.7, EPSS: 0.00252
Exploits: 1, References: 1
BDU FSTEC
added 2016/07/05 12:0 a.m., 5 views

The vulnerability of the Thunderbird email client, which allows a malicious actor to execute arbitrary code

Mozilla Thunderbird’s email client contains a vulnerability related to errors in the implementation of the Web IDL technology. Exploiting this vulnerability allows malicious actors operating remotely to execute arbitrary JavaScript code with Chrome privileges, using a fragment of IDL to trigger a...

CVSS: 9.3, AI score: 7.5, EPSS: 0.82339
Exploits: 5, References: 5, Affected Software: 1