15 matches found
MAL-2026-5575 Malicious code in testzapier (npm)
Source: amazon-inspector (a5840f2a3b34d7f32de7243a146ecf85ac875bd1ef09b0ba9a395d08e356084f). package.json declares a preinstall hook `node index.js` that fires automatically on npm install. index.js spawns a shell that runs `curl -X POST` against...
Intel Sues Ex-Engineer for Stealing 18,000 ‘Top Secret’ Files
Intel, the leading computer chip maker, has filed a lawsuit seeking at least $250,000 in damages from a…
CVE-2025-59427
The Cloudflare Vite plugin enables a full-featured integration between Vite and the Workers runtime. When utilising the Cloudflare Vite plugin in its default configuration, all files are exposed by the local dev server, including files in the root directory that contain secret information such as...
CVE-2025-59427 Cloudflare vite plugin exposes secrets over the built-in dev server
The Cloudflare Vite plugin enables a full-featured integration between Vite and the Workers runtime. When utilising the Cloudflare Vite plugin in its default configuration, all files are exposed by the local dev server, including files in the root directory that contain secret information such as...
CVE-2024-39459
In rare cases, Jenkins Plain Credentials Plugin 182.v468b97b9dcb8 and earlier stores secret file credentials unencrypted (only Base64 encoded) on the Jenkins controller file system, where they can be viewed by users with access to the Jenkins controller file system (global credentials) or with...
Information Leakage
@electron/packager is vulnerable to Information Leakage. The vulnerability is due to improper memory allocation during the bundling process, which can expose sensitive information such as environment variables or secret files...
GHSA-C24V-8RFC-W8VW Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem
Summary: Vite dev server option `server.fs.deny` can be bypassed on case-insensitive file systems using case-augmented versions of filenames. Notably this affects servers hosted on Windows. This bypass is similar to https://nvd.nist.gov/vuln/detail/CVE-2023-34092 -- with surface area reduced to host...
SUSE CVE-2017-1000104
The Config File Provider Plugin is used to centrally manage configuration files that often include secrets, such as passwords. Users with only Overall/Read access to Jenkins were able to access URLs directly that allowed viewing these files. Access to view these files now requires sufficient...
Casper-Fs - A Custom Hidden Linux Kernel Module Generator. Each Module Works In The File System To Protect And Hide Secret Files
Casper-fs is a custom Linux Kernel Module generator to work with resources to protect or hide a custom list of files. Each LKM has resources to protect or hide files following a custom list in the YAML rule file. Yes, not even the root has permission to see the files or make actions like edit and...
DorkScout - Golang Tool To Automate Google Dork Scan Against The Entire Internet Or Specific Targets
dorkscout is a tool to automate the finding of vulnerable applications or secret files around the internet through Google searches. dorkscout first starts by fetching the dork lists from https://www.exploit-db.com/google-hacking-database and then it scans a given target or everything it finds...
h1-ctf: [h1-415 2020] Multiple vulnerabilities leading to leaking of secret user files
Hello, I'm just submitting both flags for CTF, will send my write up on hacker summary, since it's 7:00 am now :. Original flag for CTF: h1ctfy3s1mc0sm1cn0w Extra flag for unintended account takeover: h1ctfwtf1shapp3ningw1thth1ss1mulat1on Sincerely, @nukedx Impact By chaining multiple...
WordPress Anti-Malware Security and Brute-Force Firewall Plugin Local File Inclusion
A file inclusion vulnerability exists in WordPress Anti-Malware Security and Brute-Force Firewall. Successful exploitation of this vulnerability could allow a remote attacker to retrieve contents of secret files on the affected system...
Dark Overlord hackers publish first batch of “secret” 9/11 files
By Waqas. The Dark Overlord hackers have fulfilled their promise and published the first batch of decryption keys for 650 documents in a 70 megabytes file related to the 9/11 attacks. Initially, the group had vowed to publish 10GB of data on Twitter account or on a Dark Web forum called “KickAss.”...
Minimalistic CLI Tool to Manage Encrypted Volumes: Tomb
Tomb is a 100% free and open source system for file encryption on GNU/Linux, facilitating the backup of secret files. Tomb is written in code that is easy to review and links commonly shared components. Tomb generates encrypted storage folders to be opened and closed using their associated...
Hackers disclose secret Ankara police files password '123456'
Hackers from the "RedHack" group who brought down the Ankara Police Department's website and acquired secret information last week said one of the passwords of the secret police files was "123456." A member of the hacking group named...