MAL-2026-5226 Malicious code in autotel-pact (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a6c7977dbc054cdb7fe56da0d2fbd26e2a6fed695deb4263ccbf4adfedd86acb The Miasma malware is a self-propagating worm that spreads across the npm registry by abusing weaponized binding.gyp files to achieve...

Malicious code in autotel-pact (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a6c7977dbc054cdb7fe56da0d2fbd26e2a6fed695deb4263ccbf4adfedd86acb The Miasma malware is a self-propagating worm that spreads across the npm registry by abusing weaponized binding.gyp files to achieve...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code containing a malicious binding.gyp file that drops and runs a self-propagating cloud secret stealer. The malicious code attempts to exfiltrate AWS, GCP, Azure, Vault, and Kubernetes credentials, as well as npm an...

au.com.dius.pact.consumer:groovy (=4.7.0-beta.1), au.com.dius.pact.consumer:junit (=4.7.0-beta.1) +1556 more potentially affected by CVE-2025-48734 via commons-beanutils:commons-beanutils (>=1.0 <=1.10.1)

commons-beanutils:commons-beanutils MAVEN version =1.0, =1.10.1 is affected by a known vulnerability. The following packages have a transitive dependency on commons-beanutils:commons-beanutils and may be impacted: - au.com.dius.pact.consumer:groovy =4.7.0-beta.1 - au.com.dius.pact.consumer:junit...

au.com.dius.pact.consumer:groovy (=4.7.0-beta.1), au.com.dius.pact.consumer:junit (=4.7.0-beta.1) +1556 more potentially affected by CVE-2025-48734 via commons-beanutils:commons-beanutils (>=1.0 <=1.10.1)

commons-beanutils:commons-beanutils MAVEN version =1.0, =1.10.1 is affected by a known vulnerability. The following packages have a transitive dependency on commons-beanutils:commons-beanutils and may be impacted: - au.com.dius.pact.consumer:groovy =4.7.0-beta.1 - au.com.dius.pact.consumer:junit...

ai.intelliswarm:swarmai-core (>=1.0.24 <=1.0.28), ai.intelliswarm:swarmai-distributed (>=1.0.24 <=1.0.28) +2731 more potentially affected by CVE-2025-27820 via org.apache.httpcomponents.client5:httpclient5 (>=5.4-alpha1 <=5.4.2)

org.apache.httpcomponents.client5:httpclient5 MAVEN version =5.4-alpha1, =1.0.24, =1.0.24, =1.0.24, =1.0.24, =1.0.24, =1.0.27, =1.0.24, =1.0.24, =0.0.1, =0.0.1, =0.0.4, =0.0.4, =0.0.26, =0.0.1, =0.0.2 and more Source cves: CVE-2025-27820 Source advisory: OSV:GHSA-73M2-QFQ3-56CX...

A week in security (April 7 &#8211; April 13)

Last week on Malwarebytes Labs: The Pall Mall Pact and why it matters Child predators are lurking on dating apps, warns report Your 23andMe genetic data could be bought by China, senator warns WhatsApp for Windows vulnerable to attacks. Update now! Man accused of using keylogger to spy on...

The Pall Mall Pact and why it matters

The US State Department reportedly plans to sign an international agreement designed to govern the use of commercial spyware known as the Pall Mall Pact. The Pall Mall Pact, formally known as the Pall Mall Process, was initiated by France and the United Kingdom in February 2024. The goal of the...

ai.optfor:spring-openai-api (>=0.1.3 <=0.3.25), ai.timefold.solver:timefold-solver-spring-boot-autoconfigure (>=1.0.0 <=1.4.0) +7524 more potentially affected by CVE-2024-38820 via org.springframework:spring-context (>=6.0.0 <=6.0.23)

org.springframework:spring-context MAVEN version =6.0.0, =0.1.3, =1.0.0, =1.0.0, =0.1.6, =0.0.2, =0.0.6, =0.0.6, =1.3.0, =4.6.18, =4.0.0, =1.0.0, =2.1.0.RELEASE, =2.1.2.RELEASE and more Source cves: CVE-2024-38820 Source advisory: OSV:GHSA-4GC7-5J7H-4QPH...

ar.com.jmfsg:api-doc (>=0.0.20 <=0.0.34), au.com.dius.pact:au.com.dius.pact.gradle.plugin (>=2.1.1 <=2.1.12) +2259 more potentially affected by CVE-2024-47855 via net.sf.json-lib:json-lib (>=0.7.1 <=2.4)

net.sf.json-lib:json-lib MAVEN version =0.7.1, =0.0.20, =2.1.1, =2.4.2, =2.4.2, =3.5.4-rc.1, =2.4.2, =2.4.2, =3.5.4-rc.1, =2.4.2, =2.4.2, =3.5.4-rc.1, =2.4.2, =2.4.2, =3.5.4-rc.1, =2.4.2, =2.4.20 and more Source cves: CVE-2024-47855 Source advisory: OSV:GHSA-WWCP-26WC-3FXM...

androidx.room:room-compiler-processing-testing (>=2.3.0 <=2.4.0-alpha04), au.com.dius.pact.provider:gradle (>=4.1.21 <=4.3.0-beta.6) +2878 more potentially affected by CVE-2021-47621 via io.github.classgraph:classgraph (>=4.0.3 <=4.8.110)

io.github.classgraph:classgraph MAVEN version =4.0.3, =2.3.0, =4.1.21, =4.1.21, =4.1.21, =4.1.21, =4.1.21, =4.1.21, =4.1.21, =4.1.21, =4.1.21, =4.1.21, =4.1.21, =1.2.5.RELEASE, =1.2.5.RELEASE, =1.3.5.RELEASE, =1.3.7.RELEASE and more Source cves: CVE-2021-47621 Source advisory:...

Fedora: Security Advisory for golang-github-pact-foundation (FEDORA-2022-37aef44d1e)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 36 Update: golang-github-pact-foundation-1.5.1-7.fc36

Pact Go enables consumer driven contract testing, providing a mock service and DSL for the consumer project, and interaction playback and verification for t he service provider project...

Fedora: Security Advisory for golang-github-pact-foundation (FEDORA-2022-3969b64d4b)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 35 Update: golang-github-pact-foundation-1.5.1-6.fc35

Pact Go enables consumer driven contract testing, providing a mock service and DSL for the consumer project, and interaction playback and verification for t he service provider project...

Fedora: Security Advisory for golang-github-pact-foundation (FEDORA-2022-fae3ecee19)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 36 Update: golang-github-pact-foundation-1.5.1-6.fc36

Pact Go enables consumer driven contract testing, providing a mock service and DSL for the consumer project, and interaction playback and verification for t he service provider project...

ai.konduit.serving:konduit-serving-cli (=0.1.0), ai.konduit.serving:konduit-serving-distro-bom (=0.1.0) +1594 more potentially affected by CVE-2022-30973 via org.apache.tika:tika-core (>=1.17 <=1.28.2)

org.apache.tika:tika-core MAVEN version =1.17, =4.1.3, =3.1.1, =4.1.2, =4.1.2, =4.1.2, =4.1.2, =4.2.7, =4.1.2, =4.1.2, =4.1.2, =4.1.2, =4.1.2, =4.4.0-beta.7 and more Source cves: CVE-2022-30973 Source advisory: OSV:GHSA-QW3F-W4PF-JH5F...

au.com.dius.pact:au.com.dius.pact.gradle.plugin (>=2.1.1 <=2.1.12), au.com.dius:pact-jvm-consumer-groovy-v3_2.10 (>=2.2.11 <=2.2.15) +1354 more potentially affected by CVE-2013-7397 via com.ning:async-http-client (>=1.0.0 <=1.9.0-BETA6)

com.ning:async-http-client MAVEN version =1.0.0, =2.1.1, =2.2.11, =2.2.11, =2.0.0, =2.0.0, =2.0-RC3, =2.0.0, =2.0.0, =2.0.4, =2.0-RC3, =2.0.0, =1.11, =2.0.0, =2.0.5, =2.0.5, =3.2.1 and more Source cves: CVE-2013-7397 Source advisory: OSV:GHSA-8H53-FJGG-G42G...

au.com.dius.pact:au.com.dius.pact.gradle.plugin (>=2.1.1 <=2.1.12), au.com.dius:pact-jvm-consumer-groovy-v3_2.10 (>=2.2.11 <=2.2.15) +1354 more potentially affected by CVE-2013-7398 via com.ning:async-http-client (>=1.0.0 <=1.9.0-BETA6)

com.ning:async-http-client MAVEN version =1.0.0, =2.1.1, =2.2.11, =2.2.11, =2.0.0, =2.0.0, =2.0-RC3, =2.0.0, =2.0.0, =2.0.4, =2.0-RC3, =2.0.0, =1.11, =2.0.0, =2.0.5, =2.0.5, =3.2.1 and more Source cves: CVE-2013-7398 Source advisory: OSV:GHSA-5C66-6H6G-6Q6M...