Malicious code in ts-logger-pack (npm)

ts-logger-pack is a malicious npm package that depends on terminal-logger-utils and triggers the malicious behavior in that package when installed or imported. The terminal-logger-utils payload executes a postinstall hook that opens utils.cjs, an obfuscated malware dropper. The dropper downloads...

Malicious code in terminal-logger-utils (npm)

terminal-logger-utils is a malicious npm package that when installed executes a postinstall hook that opens utils.cjs, an obfuscated malware dropper. The dropper checks the current system, downloads a platform-specific second-stage binary from Hugging Face, and executes it. The second-stage paylo...

MAL-2026-4198 Malicious code in terminal-logger-utils (npm)

terminal-logger-utils is a malicious npm package that when installed executes a postinstall hook that opens utils.cjs, an obfuscated malware dropper. The dropper checks the current system, downloads a platform-specific second-stage binary from Hugging Face, and executes it. The second-stage paylo...

Astra Linux - уязвимость в ffmpeg

Before ffmpeg version 4.3, the tty demuxer did not have a ‘readprobe’ function assigned to it. By creating a legitimate “ffconcat” file that references an image, followed by a file that triggers the tty demuxer, the contents of the second file will be copied into the output file verbatim as long ...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: erofs: Wake up all waiters after zerofslzmahead is ready When the user mounts erofs a second time, the decompression thread may hang. The problem occurs due to a sequence of steps like the following: 1 Task A calls...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Regulator: da9063 – A better fix for null dereferencing with partial DT. Two versions of the original patch were sent, but Version 1 was merged instead of Version 2 due to a mistake. Therefore, update to Version 2. The advantage ...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: x86/kexec: added a sanity check on the previous kernel’s ima kexec buffer. When the second-stage kernel is booted via kexec with a limiting command line such as “mem=”, the physical range that contains the carried-over IMA...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Always use vmcb01 in VMSAVE/VMLOAD emulation. The commit cc3ed80ae69f states that “KVM: nSVM: always use vmcb01 for vmsave/vmload of guest state”. This commit ensured that KVM always used vmcb01 for the fields controll...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: Remove the tag set when the second admin queue configuration fails. Commit 104d0e2f6222 “nvme-fabrics: Reset the admin connection for secure concatenation” modified nvmetcpsetupctrl to call nvmetcpconfigureadminqueue...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: llcc: Handle a second device without data corruption. Usually, there is only one llcc device. But if there were a second one, even a failed probe call would modify the global drvdata pointer. Therefore, check whether...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: IMA: Verify that the IMA buffer from the previous kernel is within the addressable RAM. Patch series “Address page fault in imarestoremeasurementlist”, version 3. When the second-stage kernel is booted via kexec with a limiting...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: nilfs2: Fixed an underflow in calculations for the second superblock position. The macro NILFSSB2OFFSETBYTES calculates the position of the second superblock. This calculation results in an underflow when the devicesize argument ...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: atm: clip: Fixed an infinite recursive call of clippush. syzbot reported this issue below. 0 This issue occurs when we call ioctlATMARPMKIP more than once. During the first call, clipmkip sets clippush to vcc-push; during the...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: Drivers: vmbus: Check for channel allocation before looking up relids relid2channel assumes that the vmbus channel array is allocated when it is called. However, in situations like kdump/kexec, not all relids will be reset by...

PT-2026-41997

Name of the Vulnerable Software and Affected Versions LIVE555 versions prior to 2026.04.22 Description An authorization bypass exists in the RTSP session command handling. This allows attackers to replay valid Session tokens from unauthenticated connections. By obtaining a valid Session token, an...

Amazon Linux 2023 : curl, curl-minimal, libcurl (ALAS2023-2026-1699)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1699 advisory. When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory. CVE-2026-3805 Tenable has extracted the preceding description block...

SUSE CVE-2026-44432

urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion 1 during the second HTTPResponse.readamt=N call when the response was decompressed using the official Brotli library or 2 when...

Incorrect Check of Function Return Value

Overview Affected versions of this package are vulnerable to Incorrect Check of Function Return Value in the "second factor" flow where FinishAssertionSteps fails to cross-check the verified credential handle against the requested username when a userHandle is not found for that username during t...

CVE-2026-46419

Yubico webauthn-server-core aka java-webauthn-server 2.8.0 before 2.8.2 incorrectly checks a function's return value in the second factor flow, leading to impersonation...

PT-2026-40845

Yubico webauthn-server-core aka java-webauthn-server 2.8.0 before 2.8.2 incorrectly checks a function's return value in the second factor flow, leading to impersonation...