MAL-2025-147455 Malicious code in rimraf-npm-figures-bunyan (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 92e67eca40b604a5fca714a24246f0b0b3cc6af4183d168739c32455e8d84f10 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in budi-kue35-sluey (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e31e00608ed936cb81b4d121637b016b6f6b34c5e3976ef38abad34c1bc82cba This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

CVE-2024-36041

KSmserver in KDE Plasma Workspace aka plasma-workspace before 5.27.11.1 and 6.x before 6.0.5.1 allows connections via ICE based purely on the host, i.e., all local connections are accepted. This allows another user on the same machine to gain access to the session manager, e.g., use the...

Conti Ransomware Operation Shut Down After Splitting into Smaller Groups

Even as the operators of Conti threatened to overthrow the Costa Rican government, the notorious cybercrime gang officially took down its attack infrastructure in favor of migrating their malicious cyber activities to other ancillary operations, including Karakurt and BlackByte. "From the...

punchpublicity.nl Improper Access Control vulnerability OBB-2439159

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

A Peek Inside the Underground Ransomware Economy

Ransomware is not just a type of malware – it’s also at the center of a sophisticated, flourishing underground economy that has all the conventions of legitimate commerce. It’s a community made up of major malware developers, affiliates and channel partners, and those that provide adjacent...

Cellebrite Claims It Can Unlock Any iPhone

The digital forensics company Cellebrite now claims it can unlock any iPhone. I dithered before blogging this, not wanting to give the company more publicity. But I decided that everyone who wants to know already knows, and that Apple already knows. It's all of us that need to know...

[oss-security] Re: Bug#751417: linux-image-3.2.0-4-5kc-malta: no SIGKILL after prctl(PR_SET_SECCOMP, 1, ...) on MIPS

On dim., 2014-06-15 at 19:31 +0100, Ben Hutchings wrote: Please can you assign a CVE ID to this bug? Hi Ben, we usually don't assign CVE from our pool for public issues, and I'm especially reluctant here as I don't know if someone else aware of this issue could have assign one. So I'm asking on...

Fake Google Iranian domain defaced by Algerian Script Kiddies

Google got Pwned ? NO Few Algerian Script Kiddies try to spread fake rumours that they Hack and Deface the Giant Search engine "Google Iranian" domain . As the above screenshot shown a Algerian flag on it and Page Titles : "H4Ck3D By vaga-hacker dz and DR.KIM". As mentioned by hacker, the team...

"The Daily" Hacked, Unauthorized Web Index Created !

One affair about The Daily that ashamed me from the additional I aboriginal laid eyes on the iPad bi-weekly that launched bygone is that there is no one abode area you can see a simple account of every news in the issue. There is a table of contents, but it shows alone ten featured stories. Like...