CVE-2026-48800

Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, the tag text content inside in shortcuts.xml is read by NppXml::valueaNode Parameters.cpp:3658 in the feedUserCmds function and stored in UserCommand.cmd without any validation. When the user clicks the corresponding entry ...

CVE-2026-48800

Notepad++ prior to 8.9.6.1 is affected by CVE-2026-48800 where the content inside in shortcuts.xml is read without validation and used to build a Run menu item that ShellExecute() executes. The attacker-controlled string becomes the executable path when the user clicks the Run menu entry, enabl...

Malicious code in @appupdate/cdn-sync (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 445a7b613694730e29915d732e3df0700d145622b279b62b0a141c76211e6f14 Package @appupdate/cdn-sync ships as a thin koffi wrapper around prebuilt Go cgo native libraries 12MB linux.so, 11MB darwin.dylib for x64/arm64. The...

MAL-2026-6531 Malicious code in @appupdate/cdn-sync (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 445a7b613694730e29915d732e3df0700d145622b279b62b0a141c76211e6f14 Package @appupdate/cdn-sync ships as a thin koffi wrapper around prebuilt Go cgo native libraries 12MB linux.so, 11MB darwin.dylib for x64/arm64. The...

CVE-2026-5757

Unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine allows an attacker to read and exfiltrate the server's heap memory, potentially leading to sensitive data exposure, further compromise, and stealthy persistence...

EUVD-2026-39786

Unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine allows an attacker to read and exfiltrate the server's heap memory, potentially leading to sensitive data exposure, further compromise, and stealthy persistence...

CVE-2026-5757

Unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine allows an attacker to read and exfiltrate the server's heap memory, potentially leading to sensitive data exposure, further compromise, and stealthy persistence...

Malicious code in extra-huggingface (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c76a4e01b00801049375b9e60419bfba79f9b0afbb02aab5b4117f989296c5d3 The package presents itself as part of the Hugging Face ecosystem but actually ships a remote-access agent. extrahuggingface/init.py re-exports...

Photo ZIP campaign targeting hospitality industry delivers Node.js implant for persistent access

In this article 1. Attack chain overview 2. Mitigation and protection guidance 3. References 4. Learn more Microsoft Threat Intelligence has identified an active multi-stage intrusion campaign targeting organizations in the hospitality and hotel industry since April 2026. We’ve observed this...

Malicious code in base58-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0081cc9c4152afede923a3e8ee9eb2116b32c02b7f355edbd411f23b2e67273c [email protected] presents itself as a base58 encoding library README markets it as @base58/core, public API mimics bs58/@scure/base but on require o...

MAL-2026-6445 Malicious code in base58-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0081cc9c4152afede923a3e8ee9eb2116b32c02b7f355edbd411f23b2e67273c [email protected] presents itself as a base58 encoding library README markets it as @base58/core, public API mimics bs58/@scure/base but on require o...

PT-2026-52655

Name of the Vulnerable Software and Affected Versions Lemur affected versions not specified Description Passwords are stored in plaintext in the users.password column when a user's password is updated. This occurs because the User model only triggers password hashing during the before insert even...

Malicious code in leo-config (npm)

The leo-config npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the LeoPlatform...

MAL-2026-6428 Malicious code in leo-cron (npm)

The leo-cron npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the LeoPlatform...

Malicious code in leo-connector-mysql (npm)

The leo-connector-mysql npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the...

Malicious code in leo-connector-mongo (npm)

The leo-connector-mongo npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the...

MAL-2026-6419 Malicious code in leo-cache (npm)

The leo-cache npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the LeoPlatform...

Malicious code in leo-streams (npm)

The leo-streams npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the LeoPlatform...

Malicious code in rstreams-metrics (npm)

The rstreams-metrics npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the LeoPlatform...

Malicious code in solo-nav (npm)

The solo-nav npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the LeoPlatform...