MAL-2026-5132 Malicious code in rookie-security-test-pkg (npm)
Source: ossf-package-analysis (1af47f1485c4c5bd3c6ee3cb7330781c1892ebc8bea1c59b0a0045c49ab8c93d). The OpenSSF Package Analysis project identified 'rookie-security-test-pkg' @ 1.0.0 (npm) as malicious. It is considered malicious because: - The...
PT-2026-35960
Name of the Vulnerable Software and Affected Versions: DocsGPT versions 0.15.0 through 0.15.x. Description: An attacker accessing the official website or any local and public deployment can craft a malicious payload that bypasses the "MCP test" behavior to achieve arbitrary remote code execution (RCE)...
python-ecdsa DER Parser Security Test Suite
This Python script is a security test and validation suite for the python-ecdsa library, focused on detecting potential DER (Distinguished Encoding Rules) parsing anomalies that may relate to CVE-2026-33936...
Exploit for CVE-2026-3891
CVE-2026-3891 Pix for WooCommerce = 1.5.0 - Unauthenticate...
Malwarebytes earns PCMag Best Tech Brand spot, scores 100% with MRG Effitas
Malwarebytes is on a roll. Recently named one of PCMag's “Best Tech Brands for 2026,” Malwarebytes also scored 100% on the first-ever MRG Effitas consumer security product test, cementing the fact that we are loved by users and trusted by experts. But don’t take our word for it. As PCMag Principa...
Epic_POC7
Epi...
MAL-2025-14644 Malicious code in api-security-test (npm)
The package api-security-test was found to contain malicious code...
MAL-2025-4887 Malicious code in spring-security-test (npm)
Source: ghsa-malware (f1c1536bc422839f96c59d0abf7e874f94ede428b9047a56668eb0293b047631). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Multiple accounts can have the same identity
Vulnerability details: Users can register their on-chain identity (i.e. their CID NFT) by calling `AddressRegistry.register`. File: src/AddressRegistry.sol 42: `function register(uint256 cidNFTID) external` 43: `if (ERC721(cidNFT).ownerOf(cidNFTID) != msg.sender)` 44: // We only guarantee that a CID NF...
GSD-2022-1007060 firmware: google: Test spinlock on panic path to avoid lockups
firmware: google: Test spinlock on panic path to avoid lockups. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.75 by commit...
Win-Brute-Logon - Crack Any Microsoft Windows Users Password Without Any Privilege (Guest Account Included)
This PoC was ported in pure PowerShell: https://github.com/DarkCoderSc/power-brute-logon. Win Brute Logon (Proof Of Concept). Release date: 2020-05-14. Target: Windows XP to Latest Windows 10 Version (1909). Weakness location: LogonUserA, LogonUserW, CreateProcessWithLogonA, CreateProcessWithLogonW. Usag...
Forced Entry: A Security Test for Automatic Garage Doors
In this blog entry we revisit threats to automatic garage doors by using SDR to test two attack scenarios. We demonstrate a rolling code attack and one that involves a hidden remote feature...
Report: 97% of Cybersecurity Companies Have Leaked Data on the Dark Web
In a new report into the global cybersecurity industry's exposure on the Dark Web this year, global application security company, ImmuniWeb, uncovered that 97% of leading cybersecurity companies have data leaks or other security incidents exposed on the Dark Web, while on average, there are over...
With IoT, common devices pose new threats
For Instance… Hackers Setting Your 3D Printer on Fire. The world is careening toward the reality that almost all electronics in your home and business are connected to the internet. Many of these devices contain things like heating elements, batteries, and motors that are entirely...
dicom-brute NSE Script
Attempts to brute force the Application Entity Title of a DICOM server (DICOM Service Provider). Application Entity Titles (AET) are used to restrict responses only to clients knowing the title. Hence, the called AET is used as a form of password. Script Arguments: brute.credfile, brute.delay,...
Visit Wallarm at Google Cloud Next
April 9–11, San Francisco, CA. We are excited to join the community of the GCP professionals and demonstrate Wallarm web and API protection solutions custom-built for Google Cloud-powered applications. A certified GCP-partner, Wallarm delivers AI-powered security solution built to help your busine...
Sh00T - A Testing Environment for Manual Security Testers
A Testing Environment for Manual Security Testers. Sh00t: is a task manager to let you focus on performing security testing; provides To Do checklists of test cases; helps to create bug reports with customizable bug templates. Features: Dynamic Task Manager to replace simple editors or task managemen...