MAL-2026-4601 Malicious code in local-mcp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4649a6cac828460ea4a3e6d867038eaa507f109eb6a46de9eef1fc340d867608 The package executes lifecycle and import-time code that fetches executables and posts host data to off-publisher infrastructure. download.js line 92...

Malicious code in local-mcp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4649a6cac828460ea4a3e6d867038eaa507f109eb6a46de9eef1fc340d867608 The package executes lifecycle and import-time code that fetches executables and posts host data to off-publisher infrastructure. download.js line 92...

Cursor AI Agent Wipes PocketOS Database and Backups in 9 Seconds

PocketOS founder says Cursor AI agent deleted its production database in 9 seconds after misusing a root API token, exposing major Railway security flaws...

Device Code Phishing Hits 340+ Microsoft 365 Orgs Across Five Countries via OAuth Abuse

Cybersecurity researchers are calling attention to an active device code phishing campaign that's targeting Microsoft 365 identities across more than 340 organizations in the U.S., Canada, Australia, New Zealand, and Germany. The activity, per Huntress, was first spotted on February 19, 2026, wit...

CVE-2022-33058

Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=deletemessage...

CVE-2022-33049

Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /orrs/admin/?page=user/manageuser...

CVE-2022-33055

Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /orrs/admin/trains/managetrain.php...

CVE-2022-33059

Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=deletetrain...

CVE-2022-33060

Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=deleteschedule...

CVE-2022-33042

Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/inquiries/viewdetails.php...

EUVD-2014-5724

Malware in sbrugna...

EUVD-2023-52731

Malicious code in bioql PyPI...

EUVD-2022-36105

Malicious code in bioql PyPI...

EUVD-2022-36118

Malicious code in bioql PyPI...

EUVD-2024-48669

Malicious code in bioql PyPI...

EUVD-2024-48753

Malicious code in bioql PyPI...

EUVD-2021-32997

Malicious code in bioql PyPI...

EUVD-2024-49860

Malicious code in bioql PyPI...

EUVD-2024-48668

Malicious code in bioql PyPI...

EUVD-2024-49845

Malicious code in bioql PyPI...