48 matches found
Malicious code in radiant-on-oscillation-indus (npm)
Source: amazon-inspector 17ca9d06180b7ce0f8167aa6796479c6ce559c18461c3ecc78a266ab88af199d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-186128 Malicious code in chariklo-library-public-local (npm)
Source: amazon-inspector aa536a5e403d931475f9787e1461256bb925caed3c743de48b475db4b9bb1938 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in prettier-plugin-markdown-mira-rollup-plugin-slides (npm)
Source: amazon-inspector c59df9e16b1d88777561b0576f22280225530cc5984f4353928fdfe3d86100d7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-136350 Malicious code in putra-telurtahu23-sluey (npm)
Source: amazon-inspector e907eda7b39fc04bcf1d4983933bccb732162857310e3c7c71b105a5672d5323 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-101502 Malicious code in dfgerc-devapptea (npm)
Source: amazon-inspector 8c650a09be866cbb516e8c5a8249ec18ee0ef2743e1a8c0022ab5a9c155547aa This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-101460 Malicious code in dewi-gepuk20-ruro (npm)
Source: amazon-inspector 3cdde8c265808af8214a8c5508b955098c7f0eabfb0195a3ea0552c3c6ff9a40 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-93167 Malicious code in afraid_wildfowl_z3n (npm)
Source: amazon-inspector c8cc3b4c3b919cc597991ca87d5839a8f978ae68d40bca61a62d6cb0aa27583c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in hadi-semur80-miaww (npm)
Source: amazon-inspector 1e2ba281a12045f3c968e48ebbc4803a9dc439e55de5227795438c8eb830b61e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-71496 Malicious code in voiceless-aquamarine-crocodile (npm)
Source: amazon-inspector 5e8146a25f15975f91067ead3eaa7be6fd2b1cb7a5b9a168db26e17e6e395a87 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-51256 Malicious code in cici-buburayam45-ruro (npm)
Source: amazon-inspector 7b50a259e5c5bca0c84e8a8e972109cb6ed324b674600137aa89cfe373b6692b The package cici-buburayam45-ruro was found to contain malicious code. This package appears to be part of the tea.xyz token reward campaign that...
Malicious code in gilang-keripik95-ruro (npm)
Source: amazon-inspector 582953e4345eb480aaffc0cfa8d51c907b0fc155738dc0a41db1af2db8636a35 The package gilang-keripik95-ruro was found to contain malicious code. This package appears to be part of the tea.xyz token reward campaign that...
A Google Docs Bug Could Have Allowed Hackers See Your Private Documents
Google has patched a bug in its feedback tool incorporated across its services that could be exploited by an attacker to potentially steal screenshots of sensitive Google Docs documents simply by embedding them in a malicious website. The flaw was discovered on July 9 by security researcher Sreer...
Google’s Waze Can Allow Hackers to Identify and Track Users
A security researcher has discovered a vulnerability in Google’s Waze app that can allow hackers to identify people using the popular navigation app and track them by their location. Security DevOps engineer Peter Gasper discovered an API flaw in the navigation software that allowed him to track...
Google Ups Product-Abuse Bug Bounties
Google is increasing the reward amounts in its bug-bounty program for reports focusing on potential attacks in the product-abuse space, to top out at $13,337 per report. Product abuse is when a threat actor uses a legitimate service in a way that enables social-engineering or other cyberattacks...
$100K Paid Out for Google Cloud Shell Root Compromise
Google has awarded its inaugural annual top prize for the Google Cloud Platform (GCP), for vulnerabilities found in the Google Cloud Shell. The find — a container escape that leads to host root access and the ability to use privileged containers — has earned $100,000 for Dutch researcher Wouter ter...
Google Will Now Pay Anyone Who Reports Apps Abusing Users' Data
In the wake of data abuse scandals and several instances of malware apps being discovered on the Play Store, Google today expanded its bug bounty program to beef up the security of Android apps and Chrome extensions distributed through its platform. The expansion in Google's vulnerability reward...
Google Targets Data-Abusing Apps with Bug Bounty Launch
Google is looking to squash vulnerabilities on its Google Play app marketplace with a new bug-bounty program aimed at identifying data-abuse issues in Android apps and Chrome extensions. The company on Thursday announced the Developer Data Protection Reward Program, which, depending on the impact...
Google Triples Some Bug Bounty Payouts
Google is upping the ante for its Chrome bug bounty rewards program, doubling payouts from $15,000 to $30,000 for “high-quality” reports. It is also tripling baseline payouts for Chrome to $15,000. The bug-bounty pay raise is part of Google’s Chromium open-source project, which supplies the vast...
Zomato: [Zomato for Business Android] Vulnerability in exported activity WebView
Hello, I want to report the vulnerability found. Since the following activity com.application.zomatomerchant.home.HomeSalt has exported="true", it can be exploited by another application. Application Information Application: Zomato for Business Package Name: com.application.zomatomerchant Version:...