6 matches found
CVE-2025-59145
color-name is a JSON with CSS color names. On 8 September 2025, an npm publishing account for color-name was taken over after a phishing attack. Version 2.0.1 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrenc...
CVE-2025-59142
color-string is a parser and generator for CSS color strings. On 8 September 2025, the npm publishing account for color-string was taken over after a phishing attack. Version 2.1.1 was published, functionally identical to the previous patch version, but with a malware payload added attempting to...
CVE-2025-59141
simple-swizzle swizzles function arguments. On 8 September 2025, the npm publishing account for simple-swizzle was taken over after a phishing attack. Version 0.2.3 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect...
PT-2025-37760
Name of the Vulnerable Software and Affected Versions color-name versions prior to 2.0.2 Description An npm publishing account for color-name was taken over following a phishing attack. Version 2.0.1 was published with a malware payload designed to redirect cryptocurrency transactions to the...
How Not to Acknowledge a Data Breach
I'm not a huge fan of stories about stories, or those that explore the ins and outs of reporting a breach. But occasionally I feel obligated to publish such accounts when companies respond to a breach report in such a way that it's crystal clear they wouldn't know what to do with a data breach if...
Threat Outbreak Alert RuleID17383: Email Messages Distributing Malicious Software on August 14, 2015
Medium Alert ID: 40497 First Published: 2015 August 14 18:57 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID17383 may contain the following files: Name |...