Lucene search
K

24 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/21 12:0 a.m.18 views

Malicious code in polymarket-ai-agent (npm)

A coordinated supply-chain attack comprising 9 npm packages published by maintainer polymarketdev GitHub actor texsellix, repo texsellix/polymarket-trading-bot within a 2-minute window on 2026-05-20T23:30Z–23:32Z. All packages masquerade as legitimate Polymarket CLOB trading tools while...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/10 9:11 a.m.15 views

Malicious code in web3-py-checksum (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4b2052172f5c854b2e91f6bdc9336a97469cd161372621a1880d9cd1e3ad426a The code silently exfiltrates the private key of a crypto account. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers...

5.9AI score
Exploits0References1
Securelist
Securelist
added 2026/04/20 9:1 a.m.8 views

FakeWallet crypto stealer spreading through iOS apps in the App Store

In March 2026, we uncovered more than twenty phishing apps in the Apple App Store masquerading as popular crypto wallets. Once launched, these apps redirect users to browser pages designed to look similar to the App Store and distributing trojanized versions of legitimate wallets. The infected ap...

5.8AI score
Exploits0
CVE
CVE
added 2026/01/02 9:39 p.m.16 views

CVE-2025-64122

CVE-2025-64122 describes an Insufficiently Protected Credentials vulnerability in the Nuvation Energy Multi-Stack Controller (MSC) that enables Signature Spoofing via Key Theft. Affected product: MSC versions up to and including 2.5.1. Root cause and impact are limited to credentials protection a...

7.2CVSS6.6AI score0.00081EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-3483

Malicious code in bioql PyPI...

8.3CVSS6.6AI score0.00431EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/23 8:12 a.m.9 views

CVE-2024-54134

A publish-access account was compromised for @solana/web3.js, a JavaScript library that is commonly used by Solana dapps. This allowed an attacker to publish unauthorized and malicious packages that were modified, allowing them to steal private key material and drain funds from dapps, like bots,...

8.3CVSS6.4AI score0.00431EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2025/04/23 7:17 a.m.26 views

Ripple's xrpl.js npm Package Backdoored to Steal Private Keys in Major Supply Chain Attack

The Ripple cryptocurrency npm JavaScript library named xrpl.js has been compromised by unknown threat actors as part of a software supply chain attack designed to harvest and exfiltrate users' private keys. The malicious activity has been found to affect five different versions of the package:...

9.3CVSS6.6AI score0.00818EPSS
Exploits2
Veracode
Veracode
added 2024/12/11 8:35 a.m.10 views

Malicious Package

@solana/web3.js is a Malicious Package allowing an attacker to steal private key material and drain funds from applications directly handling private keys...

8.3CVSS6.7AI score0.00431EPSS
Exploits0References1Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 3:48 a.m.5 views

SUSE CVE-2021-3798

A flaw was found in openCryptoki. The openCryptoki Soft token does not check if an EC key is valid when an EC key is created via CCreateObject, nor when CDeriveKey is used with ECDH public data. This may allow a malicious user to extract the private key by performing an invalid curve attack...

5.5CVSS8.8AI score0.00263EPSS
Exploits0References3
Code423n4
Code423n4
added 2022/12/16 12:0 a.m.10 views

The owner can swap the proxy implementation with a malicious one

Lines of code Vulnerability details The owner of VRFNFTRandomDrawFactory.sol could swap the current implementation with a malicious one at any moment, without a waiting period. Impact The worse case scenario is one in which the private key of the contract owner gets stolen. In this case the owner...

6.7AI score
Exploits0
Prion
Prion
added 2022/09/18 5:15 p.m.16 views

Design/Logic Flaw

profanity through 1.60 has only four billion possible RNG initializations. Thus, attackers can recover private keys from Ethereum vanity addresses and steal cryptocurrency, as exploited in the wild in June 2022...

5CVSS7.5AI score0.01036EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2022/09/18 12:0 a.m.9 views

profanity 安全特征问题漏洞

profanity is an ethereum vanity address generator from BlackTrace Personal Developers. A security vulnerability exists in profanity versions 1.60 and earlier, which stems from the fact that it has only 4 billion possible RNG initializations leading to an attacker being able to recover private key...

7.5CVSS7.2AI score0.01036EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2021/02/16 2:33 p.m.3 views

nss: P-384 and P-521 implementation uses a side-channel vulnerable modular inversion function

A side-channel flaw was found in NSS, in the way P-384 and P-521 curves are used in the generation of EDSA signatures, leaking partial information about the ECDSA nonce. Given a small number of ECDSA signatures, this information can be used to steal the private key. The highest threat from this...

4.7CVSS7AI score0.00268EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2021/02/16 2:33 p.m.2 views

nss: Side channel attack on ECDSA signature generation

A flaw was found in nss. Using the EM side-channel, it is possible to extract the position of zero and non-zero wNAF digits while nss-certutil tool performs scalar multiplication during the ECDSA signature generation, leaking partial information about the ECDSA nonce. Given a small number of ECDS...

5.3CVSS7AI score0.01449EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2021/02/16 2:33 p.m.5 views

nss: ECDSA timing attack mitigation bypass

A flaw was found in nss. Using the EM side-channel, it is possible to extract the position of zero and non-zero wNAF digits while nss-certutil tool performs scalar multiplication during the ECDSA signature generation, leaking partial information about the ECDSA nonce. Given a small number of ECDS...

4.7CVSS7AI score0.00323EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2020/09/29 10:31 p.m.6 views

nss: Side channel attack on ECDSA signature generation

A flaw was found in nss. Using the EM side-channel, it is possible to extract the position of zero and non-zero wNAF digits while nss-certutil tool performs scalar multiplication during the ECDSA signature generation, leaking partial information about the ECDSA nonce. Given a small number of ECDS...

5.3CVSS7AI score0.01449EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2020/09/29 10:31 p.m.7 views

nss: ECDSA timing attack mitigation bypass

A flaw was found in nss. Using the EM side-channel, it is possible to extract the position of zero and non-zero wNAF digits while nss-certutil tool performs scalar multiplication during the ECDSA signature generation, leaking partial information about the ECDSA nonce. Given a small number of ECDS...

4.7CVSS7AI score0.00323EPSS
Exploits0References5
OSV
OSV
added 2020/09/01 9:21 p.m.14 views

GHSA-9X64-5R7X-2Q53 Malicious Package in flatmap-stream

Version 0.1.1 of flatmap-stream is considered malicious. This module runs an encrypted payload targeting a very specific application, copay and because they shared the same description it would have likely worked for copay-dash. The injected code: - Read in AES encrypted data from a file disguise...

9.8CVSS7.1AI score
Exploits0References2
Symantec
Symantec
added 2018/10/10 8:1 a.m.52 views

OpenSSL Vulnerabilities 16-Apr-2018 and 12-Jun-2018

SUMMARY Symantec Network Protection products using affected versions of OpenSSL are susceptible to several vulnerabilities. A malicious SSL/TLS server can send large DH parameters during connections using DH/DHE cipher suites and cause denial-of-service in the SSL/TLS client. A local attacker can...

5CVSS1.2AI score0.49268EPSS
Exploits0Affected Software22
The Hacker News
The Hacker News
added 2018/07/30 2:30 p.m.2 views

KICKICO Hacked: Cybercriminal Steals $7.7 Million from ICO Platform

Again some bad news for cryptocurrency users. KICKICO, a blockchain-based initial coin offering ICO support platform, has fallen victim to a suspected cyber attack and lost more than 70 million KICK tokens or KickCoins worth an estimated $7.7 million. In a statement released on its Medium post on...

6.9AI score
Exploits0
Rows per page
Query Builder