Silver Fox Deploys ABCDoor Malware via Tax-Themed Phishing in India and Russia
The China-based cybercrime group known as Silver Fox aka Monarch, SwimSnake, The Great Thief of Valley, UTG-Q-1000, and Void Arachne has been linked to a new campaign targeting organizations in Russia and India with a new malware called ABCDoor. The activity involved using phishing emails that...
MAL-2026-3325 Malicious code in cloudauth-sdk (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 ccc67c8452789facd5ba7b991c89a1410dc3058f1c8112c16812e8d004efdf0f Package attempts to exfiltrate various credential files. In the analyzed version, the exfiltration target was set as localhost suggesting it's not the final...
MAL-2026-3324 Malicious code in randomchoicemas (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 0dc4c38310ad4ec9a939abd09fa48fce4f2f2e91e02389d59f3fefc30eda4c2c The package silently exfiltrates screenshots and basic data. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...
ai-24sea (>=0.1.0 <=1.1.1), ai-documentation-writer (>=0.1.0 <=0.1.1) +31 more potentially affected by CVE-2026-7724 via prefect (>=3.0.0rc20 <=3.6.22)
prefect PYPI version =3.0.0rc20, =0.1.0, =0.1.0, =0.16.0, =0.6.1, =6.0.0, =1.0.1, =2.2.8, =2.25.0, =1.1.0, =1.3.0b5, =0.0.2, =0.1.11, =1.1.0, =2.3.0rc19 - mcp-prefect =0.1.0 and more Source cves: CVE-2026-7724 Source advisory: SNYK:PYTHON-PREFECT-16383760...
ai-24sea (>=0.1.0 <=1.1.1), askap-flint (>=0.6.1 <=0.8.0) +29 more potentially affected by CVE-2026-7723 via prefect (>=3.0.0rc20 <=3.6.13)
prefect PYPI version =3.0.0rc20, =0.1.0, =0.6.1, =6.0.0, =1.0.1, =2.2.8, =2.25.0, =1.1.0, =1.3.0b5, =0.0.2, =0.1.11, =1.1.0, =0.0.2, =0.0.14 and more Source cves: CVE-2026-7723 Source advisory: SNYK:PYTHON-PREFECT-16379909...
[SECURITY] Fedora 43 Update: python3.14-3.14.4-2.fc43
Python 3.14 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries...
python3 security update
3.6.8-21.0.11 - Security update CVE-2026-4519 Orabug: 39246828...
n8n Code Injection Vulnerability
n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 1.123.32, 2.17.4, and 2.18.1 contained a code injection vulnerability. This vulnerability stems from workflows that include Python Code Nodes, allowing authenticated users to escape the sandbox and...
python security update
2.7.5-94.0.7 - Fix for CVE-2026-4519 Orabug: 39243798...
OPENSUSE-SU-2026:10681-1 python311-social-auth-core-4.8.7-1.1 on GA media
These are all security issues fixed in the python311-social-auth-core-4.8.7-1.1 package on the GA media of openSUSE Tumbleweed...
RHCOS 9 : OpenShift Container Platform 4.17.5 (RHSA-2024:9613)
The remote Red Hat Enterprise Linux CoreOS 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:9613 advisory. - waitress: python-waitress: request processing race condition in HTTP pipelining with invalid first request CVE-2024-49768 -...
RHCOS 9 : OpenShift Container Platform 4.12.41 (RHSA-2023:6128)
The remote Red Hat Enterprise Linux CoreOS 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:6128 advisory. - python-eventlet: patch regression for CVE-2021-21419 in some Red Hat builds CVE-2023-5625 Note that Nessus has not tested for this issue bu...
sshprank 1.7.0
sshprank is a fast SSH mass-scanner, login cracker, and banner grabber tool using the python-masscan and shodan modules...
PT-2026-36904
Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.32 n8n versions prior to 2.17.4 n8n versions prior to 2.18.1 Description An authenticated user with permissions to create or modify workflows containing a Python Code Node can escape the sandbox to achieve arbitrary...
PT-2026-36887
Name of the Vulnerable Software and Affected Versions Arelle versions prior to 2.39.10 Description An unauthenticated remote code execution issue exists in the '/rest/configure' REST endpoint. The endpoint accepts a plugins query parameter and forwards it to the plugin manager without requiring...
PPTAgent Security Vulnerability
PPTAgent is an open-source intelligent presentation generation tool based on large models developed by ICIP-CAS. Versions of PPTAgent prior to 418491a contained security vulnerabilities. These vulnerabilities stemmed from issues with the Python eval function when executing code generated by LLM,...
RHCOS 9 : OpenShift Container Platform 4.13.54 (RHSA-2024:10815)
The remote Red Hat Enterprise Linux CoreOS 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:10815 advisory. - waitress: python-waitress: request processing race condition in HTTP pipelining with invalid first request CVE-2024-49768 -...
RHCOS 9 : OpenShift Container Platform 4.15.30 (RHSA-2024:6016)
The remote Red Hat Enterprise Linux CoreOS 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:6016 advisory. - python-werkzeug: user may execute code on a developer's machine CVE-2024-34069 Note that Nessus has not tested for this issue but has inste...
RHCOS 9 : OpenShift Container Platform 4.15.39 (RHSA-2024:10145)
The remote Red Hat Enterprise Linux CoreOS 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:10145 advisory. - waitress: python-waitress: request processing race condition in HTTP pipelining with invalid first request CVE-2024-49768 -...
OPENSUSE-SU-2026:10680-1 python311-django-allauth-65.16.1-2.1 on GA media
These are all security issues fixed in the python311-django-allauth-65.16.1-2.1 package on the GA media of openSUSE Tumbleweed...