82 matches found
Malicious Package
Overview tinfoil-shops is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2026-3284 Malicious code in tinfoil-shops (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 12060d7ba8ada1f0215277ed3936de1f8e9f03d47430fe816b634778291d7024 The package tinfoil-shops was found to contain malicious code. Source: ghsa-malware 5fafb06ed458abc37062e49cbd57b0e5c348dba7d88d1524ca5df198216d7326...
Malicious code in tinfoil-shops (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 12060d7ba8ada1f0215277ed3936de1f8e9f03d47430fe816b634778291d7024 The package tinfoil-shops was found to contain malicious code. Source: ghsa-malware 5fafb06ed458abc37062e49cbd57b0e5c348dba7d88d1524ca5df198216d7326...
A week in security (March 16 – March 22)
Last week on Malwarebytes Labs: Could your face change what you pay? NYC wants limits on biometric tracking That "job brief" on Google Forms could infect your device A DarkSword hangs over unpatched iPhones Your tax forms sell for $20 on the dark web Researchers found font-rendering trick to hide...
Inside a network of 20,000+ fake shops
We mapped a sprawling fake shop operation of over 20,000 domains, dozens of shared IP addresses and identical storefronts with different names pasted on top. They exist for one purpose: to steal your payment details and personal data. The thread that ties them all together is a browser tab title...
A week in security (February 9 – February 15)
Last week on Malwarebytes Labs: How to find and remove credential-stealing Chrome extensions Fake shops target Winter Olympics 2026 fans Outlook add-in goes rogue and steals 4,000 credentials and payment data Child exploitation, grooming, and social media addiction claims put Meta on trial Apple...
CVE-2025-68890
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in hands01 e-shops e-shops-cart2 allows DOM-Based XSS.This issue affects e-shops: from n/a through = 1.0.4...
CVE-2025-68890
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in hands01 e-shops e-shops-cart2 allows DOM-Based XSS.This issue affects e-shops: from n/a through = 1.0.4...
CVE-2025-68890
CVE-2025-68890 is a DOM-based XSS in the hands01 e-shops e-shops-cart2 plugin (WordPress) caused by improper input neutralization during web-page generation, affecting versions from n/a through
CVE-2025-68890 WordPress e-shops plugin <= 1.0.4 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in hands01 e-shops e-shops-cart2 allows DOM-Based XSS.This issue affects e-shops: from n/a through = 1.0.4...
CVE-2025-68890 WordPress e-shops plugin <= 1.0.4 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in hands01 e-shops e-shops-cart2 allows DOM-Based XSS.This issue affects e-shops: from n/a through = 1.0.4...
PT-2026-1928
Name of the Vulnerable Software and Affected Versions hands01 e-shops e-shops-cart2 versions through 1.0.4 Description The software contains an Improper Neutralization of Input During Web Page Generation issue, leading to a DOM-Based Cross-Site Scripting XSS condition. The issue allows for the...
WordPress plugin e-shops 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
WordPress e-shops plugin <= 1.0.4 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin e-shops versions = 1.0.4...
EUVD-2022-4525
Malicious code in bioql PyPI...
EUVD-2024-45583
Malicious code in bioql PyPI...
CVE-2020-21809
SQL Injection vulnerability in NukeViet CMS module Shops 4.0.29 and 4.3 via the 1 listid parameter in detail.php and the 2 groupprice or groupid parameters in searchresult.php...
200+ Fake Retail Sites Used in New Wave of Subscription Scams
Bitdefender uncovers a massive surge in sophisticated subscription scams disguised as online shops and evolving mystery boxes. Learn…...
CVE-2024-51648
Cross-Site Request Forgery CSRF vulnerability in hands01 e-shops e-shops-cart2 allows Reflected XSS.This issue affects e-shops: from n/a through = 1.0.3...
Malicious code in zapier-shops-orders (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a081d17e6a916052da5d5af10b083f443f0713f3a687feb4186d21737b7c74b9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...