32 matches found
MAL-2025-23244 Malicious code in instacarro-sellers-appointments-api (npm)
The package instacarro-sellers-appointments-api was found to contain malicious code...
A week in security (April 24 -30)
Last week on Malwarebytes Labs: LockBit and Cl0p ransomware gangs actively exploiting Papercut vulnerabilities; Update now: Critical flaw in VMWare Fusion and VMWare Workstation; Magecart threat actor rolls out convincing modal forms; Fileless attacks: How attackers evade traditional AV and how to...
Arbitrage Opportunity for Non-Sellers
Lines of code. Vulnerability details. Impact: Non-sellers can flood the system with arbitrage auctions. Proof of Concept: The seller can wait until 1 instant minute? before the end of the auction. Now the seller places a bid a couple percent above the current market price, enough to cover the seller'...
The amount of an ERC1155 token should be checked.
Lines of code. Vulnerability details. Impact: For NFT token of type ERC1155, there may be multiple tokens with the same tokenId. Therefore, when processing orders of type ERC1155, it is necessary to check not only whether the tokenId of the NFT for both buyers and sellers are matched, but also the...
How to Avoid the Worst Instagram Scams
Fake sellers. Competitions. Crypto cons. There are plenty of grifts on the platform, but you don’t have to get sucked in...
Fee on transfer tokens not supported
Lines of code. Vulnerability details. Impact: Fee on transfer tokens would lead to sellers getting more PT than what the pool has received in underlying as the difference in balance is not accounted for, only the a input. This is also true for mintWithUnderlying as minters get more in relation to th...
CVE-2022-29627
An insecure direct object reference (IDOR) in Online Market Place Site v1.0 allows attackers to modify products that are owned by other sellers...
Dark Web Drug Busts Lead to 150 Arrests
Operation Dark HunTor spanned eight countries—and put the focus on sellers more than marketplaces...
The Underground Exploit Market and the Importance of Virtual Patching
Over the past two calendar years, we conducted research on the underground exploit market to learn more about the life cycle of exploits, the kinds of buyers and sellers who transact, and the business models that are in effect in the underground...
Researchers Fingerprint Exploit Developers Who Help Several Malware Authors
Writing advanced malware for a threat actor requires different groups of people with diverse technical expertise to put them all together. But can the code leave enough clues to reveal the person behind it? To this effect, cybersecurity researchers on Friday detailed a new methodology to identify...
GSI has a logic flaw vulnerability
GSI is an Ether-based digital currency. An integer overflow vulnerability exists in the 'sell' function of GSI's smart contract implementation. An attacker could exploit the vulnerability to prevent the seller from accessing the assets due to the exchange...
CVE-2020-10266
CVE-2020-10266 affects UR+ (Universal Robots+) components used with Universal Robots robotic arms (e.g., UR10). The vulnerability arises because installing components from UR+ involves no integrity checks, and the SDK to create such components is publicly available. An attacker could craft a mali...
WordPress YITH WooCommerce Best Sellers plugin <=1.1.12 - Authenticated Settings Change (YITH Plugin Framework <=3.3.8) vulnerability
Authenticated Settings Change (YITH Plugin Framework <=3.3.8) vulnerability found by Jerome Bruandet in WordPress YITH WooCommerce Best Sellers plugin (versions <=1.1.12). Solution: Update the WordPress YITH WooCommerce Best Sellers plugin to the latest available version (at least 1.1.13)...
Hackers steal Amazon sellers’ funds in “extensive” attack
By Uzair Amir. Amazon says it was a "serious" attack targeting 100s of sellers. The American e-commerce and technology giant Amazon.com, Inc. has announced that it was hit by a fraud attack in which unknown hackers targeted over 100 sellers stealing their earnings they made through sales or loans...
Amazon Is Losing the War on Fraudulent Sellers
Excellent article on fraudulent seller tactics on Amazon. The most prominent black hat companies for US Amazon sellers offer ways to manipulate Amazon's ranking system to promote products, protect accounts from disciplinary actions, and crush competitors. Sometimes, these black hat companies brib...
CVE-2018-13232
The sell function of a smart contract implementation for ENTER (ENTR) (Contract Name: EnterCoin), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets...
CVE-2018-12063
The sell function of a smart contract implementation for Internet Node Token (INT), a tradable Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the seller, because of overflow of the multiplication of its argument amount and a manipulable variable...
15-Year-old Finds Flaw in Ledger Crypto Wallet
A 15-year-old security researcher has discovered a serious flaw in cryptocurrency hardware wallets made by Ledger, a French company whose popular products are designed to physically safeguard public and private keys used to receive or spend the user’s cryptocurrencies. Ledger's Nano-S...