GHSA-9HC2-W9GG-Q6JW Malicious Package in boogeyman

All versions of boogeyman are considered malicious. This particular package would download a payload from pastebin.com, eval it to read ssh keys and the users .npmrc and send them to a private pastebin account. Recommendation This package was published to the npm Registry for a very short period ...

Retailer Orvis.com Leaked Hundreds of Internal Passwords on Pastebin

Orvis, a Vermont-based retailer that specializes in high-end fly fishing equipment and other sporting goods, leaked hundreds of internal passwords on Pastebin.com for several weeks last month, exposing credentials the company used to manage everything from firewalls and routers to administrator...

Malicious Package

rest-client is a malicious package. The package evaluates code stored on a remote server pastebin.com and upon execution of the malicious code on the victim system, sends system information to mironanoru.zzz.com.ua...

Scavenger - Crawler Searching For Credential Leaks On Different Paste Sites

Just the code of my OSINT bot searching for sensitive data leaks on different paste sites. Search terms: credentials private RSA keys Wordpress configuration files MySQL connect strings onion links links to files hosted inside the onion network PDF, DOC, DOCX, XLS, XLSX Keep in mind: 1. This bot ...

Pirate matryoshka

The use of torrent trackers to spread malware is a well-known practice; cybercriminals disguise it as popular software, computer games, media files, and other sought-after content. We detected one such campaign early this year, when The Pirate Bay TPB tracker filled up with harmful files used to...

pastebin.com XSS vulnerability

Vulnerable URL: http://pastebin.com/download.php?i= Details: Description| Value ---|--- Patched:| Yes, at 10.11.2015 Latest check for patch:| 10.11.2015 16:54 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 1649 Google Pagerank| 6 VIP website status:| Yes Check...