202 matches found
MAL-2026-5407 Malicious code in @card-pci-data/store (npm)
Source: amazon-inspector (9a82d7b7e7588c4b773e2948eb1707e62f2fcece2bec37a23eda5d5058eae871). On npm install, the package's preinstall hook (scripts.preinstall: node index.js || true) runs index.js, which collects host identity — os.hostname,...
Malicious code in @card-pci-data/store (npm)
Source: amazon-inspector (9a82d7b7e7588c4b773e2948eb1707e62f2fcece2bec37a23eda5d5058eae871). On npm install, the package's preinstall hook (scripts.preinstall: node index.js || true) runs index.js, which collects host identity — os.hostname,...
CTEM for Financial Services: Protect What Matters Most
Financial institutions process trillions of dollars in transactions every day. One exploited vulnerability can freeze operations, trigger regulatory penalties, and erode customer trust overnight. Traditional vulnerability management, which scans, scores, and queues patches, cannot keep pace with...
PCI: endpoint: pci-epf-vntb: Remove duplicate resource teardown
...
PCI: endpoint: Avoid creating sub-groups asynchronously
...
Aptsys Gemscms POS Platform security vulnerabilities
Aptsys Gemscms POS Platform is a catering management system developed by the Indian company Aptsys. There is a security vulnerability in the Aptsys Gemscms POS Platform. This vulnerability stems from unvalidated endpoints returning payment card credentials encrypted using MD5. It may lead to...
CVE-2025-13371
The MoneySpace plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.13.9. This is due to the plugin storing full payment card details (PAN, card holder name, expiry month/year, and CVV) in WordPress postmeta using base64_encode(), and then...
CVE-2025-13371 Money Space <= 2.13.9 - Unauthenticated Sensitive Information Exposure
The MoneySpace plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.13.9. This is due to the plugin storing full payment card details (PAN, card holder name, expiry month/year, and CVV) in WordPress postmeta using base64_encode(), and then...
PT-2026-1563
Name of the Vulnerable Software and Affected Versions: MoneySpace plugin for WordPress versions prior to 2.13.9. Description: The MoneySpace plugin for WordPress exhibits a sensitive information exposure issue. The plugin stores complete payment card details – including Primary Account Number (PAN),...
CVE-2023-54235
In the Linux kernel, the following vulnerability has been resolved: PCI/DOE: Fix destroy_work_on_stack() race. The following debug object splat was observed in testing: ODEBUG: free active (active state 0) object: 0000000097d23782 object type: work_struct hint: doe_statemachine_work+0x0/0x510 WARNING: CPU: ...
Weak Enforcement and Low Compliance in PCI DSS: A Comparative Security Study
Although credit and debit card data continue to be a prime target for attackers, organizational adherence to the Payment Card Industry Data Security Standard (PCI DSS) remains surprisingly low. Despite prior work showing that PCI DSS can reduce card fraud, only 32.4% of organizations were fully...
SMS Phishers Pivot to Points, Taxes, Fake Retailers
China-based phishing groups blamed for non-stop scam SMS messages about a supposed wayward package or unpaid toll fee are promoting a new offering, just in time for the holiday shopping season: Phishing kits for mass-creating fake but convincing e-commerce websites that convert customer payment...
Russian Hackers Create 4,300 Fake Travel Sites to Steal Hotel Guests' Payment Data
A Russian-speaking threat behind an ongoing, mass phishing campaign has registered more than 4,300 domain names since the start of the year. The activity, per Netcraft security researcher Andrew Brandt, is designed to target customers of the hospitality industry, specifically hotel guests who may...
New Browser Security Report Reveals Emerging Threats for Enterprises
According to the new Browser Security Report 2025, security leaders are discovering that most identity, SaaS, and AI-related risks converge in a single place, the user's browser. Yet traditional controls like DLP, EDR, and SSE still operate one layer too low. What's emerging isn't just a...
EUVD-2021-21705
Malware in sbrugna...
EUVD-2025-18104
Malicious code in bioql PyPI...
Imperva Enhances Client-Side Protection to Help You Stay Ahead of PCI-DSS Compliance
When the latest PCI DSS 4.0 requirements came into full effect in March 2025, organizations processing cardholder data faced new obligations to protect payment pages from client-side risks. Requirements such as 6.4.3 script inventory, authorization, and integrity monitoring and 11.6.1 detection o...
Introducing Enhanced User Interface for Qualys PCI DSS 4.0 ASV Compliant Solution
We’re excited to introduce the new Qualys PCI ASV user interface, built to deliver a smarter, faster, and more intuitive experience. The redesigned PCI ASV UI helps you simplify PCI DSS 4.0 compliance, save time, and reduce audit-related stress. This major update improves usability, streamlines...
PCI: pnv_php: Fix surprise plug detection and recovery
...
Linux Distros Unpatched Vulnerability : CVE-2021-38155
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenStack Keystone 10.x through 16.x before 16.0.2, 17.x before 17.0.1, 18.x before 18.0.1, and 19.x before 19.0.1 allows information disclosure during account...