Malicious code in magicwolf (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3d4f256ccd65da42e297351fbc7c15d4f3b25789c362d0d3419d580c4e07bf34 The package is prepared to download a hardcoded executable and save it in %LOCALAPPDATA% under a very generic name, clearly aiming to hide its existence. Code ...

Malicious code in clawdest (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 cf31ecc1ce2cf9d018d5ea73c9ee8467f85efd2fda44d75dfd10797cb35778a2 The package is prepared to download a hardcoded executable and save it in %LOCALAPPDATA% under a very generic name, clearly aiming to hide its existence. Code ...

Hackers Deploy Python Backdoor in Palo Alto Zero-Day Attack

Threat actors have been exploiting the newly disclosed zero-day flaw in Palo Alto Networks PAN-OS software dating back to March 26, 2024, nearly three weeks before it came to light yesterday. The network security company's Unit 42 division is tracking the activity under the name Operation...

Malicious Package

Overview DiscordsRpc is a malicious package. This package contains malicious code that executes covert scripts upon installation or uninstallation, communicating with a remote server to download and execute additional malicious files, thereby deploying the SeroXen RAT on the victim's machine, all...

FIN7 Backdoor Masquerades as Ethical Hacking Tool

The notorious FIN7 cybercrime gang, a financially motivated group, is spreading a backdoor called Lizar under the guise of being a Windows pen-testing tool for ethical hackers. According to the BI.ZONE Cyber Threats Research Team, FIN7 is pretending to be a legitimate organization that hawks a...

Malicious Package

npmpubman is a malicious package. The package contains malicious code in index.js which sends local environment variables to a remote server. The malicious code does not execute upon installation...

GHSA-4RX9-58M7-GR8W Malicious Package in css_transform_step

Version 1.0.6 of csstransformstep contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation If version 1.0.6 of this module is found installed you...

Linux Bug Opens Most VPNs to Hijacking

A vulnerability in most Linux distros has been uncovered that allows a network-adjacent attacker to hijack VPN connections and inject rogue data into the secure tunnels that victims are using to communicate with remote servers. According to researchers at University of New Mexico and Breakpointin...

Malicious Package

github-jquery-widgets contains malicious code. The code when executed in the browser would capture password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl=...

IoT-Home-Guard - A Tool For Malicious Behavior Detection In IoT Devices

IoT-Home-Guard is a project to help people discover malware in smart home devices. For users the project can help to detect compromised smart home devices. For security researchers it is also useful in network analysis and malicious hehaviors detection. In July 2018 we had completed the first...

Update Protections against Recent Malware Threats (20-May-09)

The update includes new protections against 8 recent malware threats:Rogue-Software: ThreatNuker - ThreatNuker is a rogue security software that performs fake scans on the system and reports false and exaggerated infections. It attempts to trick the users into purchasing the license of the softwa...