Lucene search

16 matches found

Snyk
•added 2026/05/31 9:0 p.m.•4 views

Malicious Package

Overview: Sicoob-Cooperativa.Sicoob.Investimentos is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organizatio...

CVSS 9.8 • AI score 5.8
Exploits: 0 • References: 2
The Hacker News
•added 2026/05/20 5:12 a.m.•12 views

Grafana GitHub Breach Exposes Source Code via TanStack npm Attack

Grafana Labs, on May 19, 2026, said an investigation into its recent breach found no evidence of customer production systems or operations being compromised. It said the scope of the incident is limited to the Grafana Labs GitHub environment, which includes public and private source code along wi...

AI score 5.8
Exploits: 0
RedhatCVE
•added 2025/10/08 9:16 p.m.•6 views

CVE-2025-57564

CubeAPM nightly-2025-08-01-1 allows unauthenticated attackers to inject arbitrary log entries into production systems via the /api/logs/insert/elasticsearch/bulk endpoint. This endpoint accepts bulk log data without requiring authentication or input validation, allowing remote attackers to perform...

CVSS 8.2 • AI score 7.4 • EPSS 0.00073
Exploits: 0 • References: 1
EUVD
•added 2025/10/07 12:30 a.m.•1 views

EUVD-2020-2742

Malware in sbrugna...

CVSS 9.8 • AI score 9.3 • EPSS 0.00384
Exploits: 0 • References: 2
EUVD
•added 2025/10/07 12:0 a.m.•3 views

EUVD-2025-32855

CubeAPM nightly-2025-08-01-1 allows unauthenticated attackers to inject arbitrary log entries into production systems via the /api/logs/insert/elasticsearch/bulk endpoint. This endpoint accepts bulk log data without requiring authentication or input validation, allowing remote attackers to perform...

AI score 6.8 • EPSS 0.00073
Exploits: 0 • References: 3
Positive Technologies
•added 2025/10/07 12:0 a.m.•2 views

PT-2025-41008

Name of the Vulnerable Software and Affected Versions: CubeAPM version nightly-2025-08-01-1. Description: The software allows unauthenticated attackers to inject arbitrary log entries into production systems. This is possible through the /api/logs/insert/elasticsearch/ bulk API endpoint, which accep...

CVSS 8.2 • AI score 7 • EPSS 0.00073
Exploits: 0 • References: 6
Cvelist
•added 2025/10/07 12:0 a.m.•7 views

CVE-2025-57564

CubeAPM nightly-2025-08-01-1 allows unauthenticated attackers to inject arbitrary log entries into production systems via the /api/logs/insert/elasticsearch/bulk endpoint. This endpoint accepts bulk log data without requiring authentication or input validation, allowing remote attackers to perform...

EPSS 0.00073
Exploits: 0 • References: 2
The Hacker News
•added 2024/02/03 2:55 a.m.•87 views

AnyDesk Hacked: Popular Remote Desktop Software Mandates Password Reset

Remote desktop software maker AnyDesk disclosed on Friday that it suffered a cyber attack that led to a compromise of its production systems. The German company said the incident, which it discovered following a security audit, is not a ransomware attack and that it has notified relevant...

AI score 7.3
Exploits: 0
Tenable Nessus
•added 2023/10/06 12:0 a.m.•26 views

Cisco IOx Application Hosting Environment Privilege Escalation (cisco-sa-rdocker-uATbukKn)

According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability in the on-device application development workflow feature for the Cisco IOx application hosting infrastructure that could allow an authenticated, remote attacker to access the underlying operating system ...

CVSS 8.8 • AI score 7.9 • EPSS 0.00177
Exploits: 0 • References: 3
The Hacker News
•added 2023/02/10 4:28 a.m.•2 views

Reddit Suffers Security Breach Exposing Internal Documents and Source Code

Popular social news aggregation platform Reddit has disclosed that it was the victim of a security incident that enabled unidentified threat actors to gain unauthorized access to internal documents, code, and some unspecified business systems. The company blamed it on a "sophisticated and...

AI score 7.1
Exploits: 0
RedhatCVE
•added 2020/04/07 4:50 a.m.•38 views

CVE-2018-18397

A flaw was found in the Linux kernel with files on tmpfs and hugetlbfs. An attacker is able to bypass file permissions on filesystems mounted with tmpfs/hugetlbfs to modify a file and possibly disrupt normal system behavior. At this time there is an understanding there is no crash or privilege...

CVSS 6.1 • AI score 2.7 • EPSS 0.00067
Exploits: 5 • References: 2
RedHat Linux
•added 2019/01/29 4:12 p.m.•3 views

kernel: userfaultfd bypasses tmpfs file permissions

A flaw was found in the Linux kernel with files on tmpfs and hugetlbfs. An attacker is able to bypass file permissions on filesystems mounted with tmpfs/hugetlbfs to modify a file and possibly disrupt normal system behavior. At this time there is an understanding there is no crash or privilege...

CVSS 5.5 • AI score 7.1 • EPSS 0.00067
Exploits: 5 • References: 4
0day.today
•added 2012/04/21 12:0 a.m.•63 views

OpenSSL 1.0.1 Memory Corruption

Exploit for multiple platform in category remote exploits. Incorrect integer conversions in OpenSSL can result in memory corruption. CVE-2012-2110. This advisory is intended for system administrators and developers exposing...

AI score 7.1 • EPSS 0.08744
Exploits: 8
0day.today
•added 2012/04/19 12:0 a.m.•58 views

OpenSSL ASN1 BIO Memory Corruption Vulnerability

Exploit for windows platform in category dos / poc. Incorrect integer conversions in OpenSSL can result in memory corruption. CVE-2012-2110. This advisory is intended for system administrators and developers exposing OpenSSL...

AI score 7 • EPSS 0.08744
Exploits: 8
Metasploit
•added 2011/02/26 5:56 a.m.•42 views

Windows Escalate Locked Desktop Unlocker

This module unlocks a locked Windows desktop by patching the respective code inside the LSASS.exe process. This patching process can result in the target system hanging or even rebooting, so be careful when using this module on production systems. This module requires Metasploit:...

AI score 7.1
Exploits: 0
Cisco
•added 2005/10/12 3:54 p.m.•49 views

OpenSSL Version Rollback and Weak Cryptographic Algorithm Vulnerabilities

OpenSSL contains vulnerabilities that could allow an unauthenticated, remote attacker to bypass security restrictions. The first vulnerability, CVE-2005-2969, affects any application using an SSL/TLS server implementation provided by OpenSSL versions 0.9.7g and prior. If these implementations have...

CVSS 5 • AI score 2.6 • EPSS 0.09388
Exploits: 0 • References: 1 • Affected Software: 7