Malicious code in ilovingcats (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9bbf798857d246d05c268c052e1b394b82f9a62af9af62ff888c2ff03bb2d4f6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

SUSE CVE-2023-52976

In the Linux kernel, the following vulnerability has been resolved: efi: fix potential NULL deref in efimemreservepersistent When iterating on a linked list, a result of memremap is dereferenced without checking it for NULL. This patch adds a check that falls back on allocating a new page in case...

Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks

Google has released out-of-band fixes to address a high-severity security flaw in its Chrome browser for Windows that has been exploited in the wild as part of attacks targeting organizations in Russia. The vulnerability, tracked as CVE-2025-2783 , has been described as a case of "incorrect handl...

Important: Red Hat Security Advisory: VolSync 0.12.1 security fixes and enhancements for RHEL 9

VolSync v0.12 general availability release images, which provide enhancements, security fixes, and updated container images. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

Malicious code in gaimes-fun (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fa65f4433275ee9c01057f21b5c3be7d3f23b729e2525a56cbaf26e3d564838f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2024-9103 Persistent XSS in blocked messages

Improper Neutralization of Script in Attributes in a Web Page vulnerability in Forcepoint Email Security Blocked Messages module allows Stored XSS. This issue affects Email Security through 8.5.5...

CVE-2024-9103 Persistent XSS in blocked messages

Improper Neutralization of Script in Attributes in a Web Page vulnerability in Forcepoint Email Security Blocked Messages module allows Stored XSS. This issue affects Email Security through 8.5.5...

UAT-5918 Targets Taiwan's Critical Infrastructure Using Web Shells and Open-Source Tools

Threat hunters have uncovered a new threat actor named UAT-5918 that has been attacking critical infrastructure entities in Taiwan since at least 2023. "UAT-5918, a threat actor believed to be motivated by establishing long-term access for information theft, uses a combination of web shells and...

CVE-2025-29923 go-redis allows potential out of order responses when `CLIENT SETINFO` times out during connection establishment

go-redis is the official Redis client library for the Go programming language. Prior to 9.5.5, 9.6.3, and 9.7.3, go-redis potentially responds out of order when CLIENT SETINFO times out during connection establishment. This can happen when the client is configured to transmit its identity, there...

UAT-5918 targets critical infrastructure entities in Taiwan

By Jung soo An, Asheer Malhotra, Brandon White, and Vitor Ventura. Cisco Talos discovered a malicious campaign we track under the UAT-5918 umbrella that has been active since at least 2023. UAT-5918, a threat actor believed to be motivated by establishing long-term access for information theft,...

Malicious code in sign-tx (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 70ec991a7e81c79ff114b0d5a7a8aa54a20e59af45f834b775ad4814c1e718c5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in near-lake-raw-printer (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e593a192910f4a7cb2542c2fb2974be98c92be795c5ab639f2d5b31f6e88e0fc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in compliancereadserv-paypal (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5393d59c4341633c717d7af99e6afc6d7a1c673541cc84a0eb255d5d30434313 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

SUSE CVE-2024-1725

A flaw was found in the kubevirt-csi component of OpenShift Virtualization's Hosted Control Plane HCP. This issue could allow an authenticated attacker to gain access to the root HCP worker node's volume by creating a custom Persistent Volume that matches the name of a worker node...

Malicious code in new-nav-docusaurus-2-2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 056a07097ce29a75544b9e104af6e236c35ff7aeac79d48c35c1a208a779f41e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Important: Red Hat Security Advisory: RHODF-4.18-RHEL-9 enhancement, bug fix and security update

Updated images that include numerous enhancements, security, and bug fixes are now available for Red Hat OpenShift Data Foundation 4.18.0 on Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System...

Thousands of WordPress Websites Infected with Malware

The malware includes four separate backdoors: Creating four backdoors facilitates the attackers having multiple points of re-entry should one be detected and removed. A unique case we haven't seen before. Which introduces another type of attack made possibly by abusing websites that don't monitor...

FIN7, FIN8, and Others Use Ragnar Loader for Persistent Access and Ransomware Operations

Threat hunters have shed light on a "sophisticated and evolving malware toolkit" called Ragnar Loader that's used by various cybercrime and ransomware groups like Ragnar Locker aka Monstrous Mantis, FIN7, FIN8, and Ruthless Mantis ex-REvil. "Ragnar Loader plays a key role in keeping access to...

PHP-CGI RCE Flaw Exploited in Attacks on Japan's Tech, Telecom, and E-Commerce Sectors

Threat actors of unknown provenance have been attributed to a malicious campaign predominantly targeting organizations in Japan since January 2025. "The attacker has exploited the vulnerability CVE-2024-4577, a remote code execution RCE flaw in the PHP-CGI implementation of PHP on Windows, to gai...

CLSA-2025-1741291194 flatpak: Fix of CVE-2024-42472

CVE-2024-42472: patch Flatpak to include the new --bind-fd option in bubblewrap to prevent symlink attacks on persistent directories...