Malicious code in @vapi-ai/server-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a6c7977dbc054cdb7fe56da0d2fbd26e2a6fed695deb4263ccbf4adfedd86acb The Miasma malware is a self-propagating worm that spreads across the npm registry by abusing weaponized binding.gyp files to achieve...

MAL-2026-5235 Malicious code in awaitly-analyze (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a6c7977dbc054cdb7fe56da0d2fbd26e2a6fed695deb4263ccbf4adfedd86acb The Miasma malware is a self-propagating worm that spreads across the npm registry by abusing weaponized binding.gyp files to achieve...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: pnode: terminate at peers of source The propagatemnt function handles mount propagation when creating mounts and propagates the source mount tree @sourcemnt to all applicable nodes of the destination propagation mount tree headed...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: tracing/probes: The error check in parsebtffield has been fixed. btffindstructmember may return NULL or an error via the ERRPTR macro. However, its caller in parsebtffield only checks for the NULL condition. This issue is fixed b...

CLSA-2026-1778783204 Update of kernel

net: skbuff: propagate shared-frag marker through pskbcopy...

MAL-2026-3598 Malicious code in @draftlab/db (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 5e1924464368f0c5816ee84e000cc47017f44045140feafbbc9e685d847ed5a5 This package was compromised as part of the "Mini Shai-Hulud is back" worm by the TeamPCP threat actor. The package will steal credentials...

MAL-2026-3584 Malicious code in @uipath/uipath-python-bridge (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 465b4e4f63672a795258fa84f389a2194ac5052990b98799381806b2cc286069 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-3558 Malicious code in @uipath/packager-tool-bpmn (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9a5692c6b042a5bcb1332d3c1efb3db46428eaab10fea07d84883480c041d835 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malware in @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys

Summary On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack/ packages were published to the npm registry. The publishes were authenticated via the legitimate GitHub Actions OIDC trusted-publisher binding for TanStack/router, but the publish workflow...

CVE-2026-43139 xfrm6: fix uninitialized saddr in xfrm6_get_saddr()

In the Linux kernel, the following vulnerability has been resolved: xfrm6: fix uninitialized saddr in xfrm6getsaddr xfrm6getsaddr does not check the return value of ipv6devgetsaddr. When ipv6devgetsaddr fails to find a suitable source address returns -EADDRNOTAVAIL, saddr-in6 is left uninitialize...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: arm64/pageattr: The return value from changememorycommon must be propagated. The rodata=on security measure requires that any code path that uses vmalloc or setmemoryro/setmemoryrox must also protect the linear map alias...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: nilfs2: The error related to directory read operations from nilfsfindentry is now propagated to the calling functions. Syzbot reported that a task hang occurred in vcsopen during a fuzzing test for nilfs2. The root cause of this...

SUSE SLES15 Security Update : kernel (SUSE-SU-2025:4320-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4320-1 advisory. The SUSE Linux Enterprise 15 SP5 kernel was updated to fix various security issues The following security issues were fixed: -...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992274)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992274 advisory. In the Linux kernel, the following vulnerability has been resolved: pnode: terminate at peers of source The propagatemnt function handles mount propagation when...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992167)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992167 advisory. In the Linux kernel, the following vulnerability has been resolved: pnode: terminate at peers of source The propagatemnt function handles mount propagation when...

CVE-2025-68737

In the Linux kernel, the following vulnerability has been resolved: arm64/pageattr: Propagate return value from changememorycommon The rodata=on security measure requires that any code path which does vmalloc - setmemoryro/setmemoryrox must protect the linear map alias too. Therefore, if such a...

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP5 kernel was updated to fix various security issues The following security issues were fixed: CVE-2022-50327: ACPI: processor: idle: Check acpifetchacpidev return value bsc1249859. CVE-2022-50334: hugetlbfs: fix null-ptr-deref in hugetlbfsparseparam bsc1249857...

Malicious code in hyper-fullfacing (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a9c05ea2ff38a274ac4ddcadb9206e1f6d6736e32ce536e149160e99fdd37ba7 The package hyper-fullfacing was found to contain malicious code. Source: ghsa-malware 0068679876dedee5d5fc8affa29f353019af199cd3a22493bc1e122f440b32...

MAL-2025-191187 Malicious code in @antstackio/eslint-config-antstack (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector df3b34f284b315d21cd0f6b7ea57e1fc8b908ade13ffde115d3fb1f6727c7d4a The package @antstackio/eslint-config-antstack was found to contain malicious code. Source: google-open-source-security...

MAL-2025-191388 Malicious code in @vucod/email (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e91b5731b235151065b43287967fa368625822413bb181076f044b34a155d0c5 The package @vucod/email was found to contain malicious code. Source: google-open-source-security...