GHSA-HR8G-6V94-X4M9

creationtimestamp| type| source ---|---|--- 2025-07-16 05:01:52+00:00| seen| https://gist.github.com/safer-bot/462e0a3d9968559e1a005f457ab6feb0 2025-07-16 06:05:35+00:00| seen| https://gist.github.com/safer-bot/678e0ba18d8f78e6a69974ba13c63b56 2025-07-16 08:17:43+00:00| seen|...

U.S. DoJ Seizes 4 Domains Supporting Cybercrime Crypting Services in Global Operation

A multinational law enforcement operation has resulted in the takedown of an online cybercrime syndicate that offered services to threat actors to ensure that their malicious software stayed undetected from security software. To that effect, the U.S. Department of Justice DoJ said it seized four...

Microsoft 3D Viewer (Windows SMB Login)

SMB login-based detection of Microsoft 3D Viewer. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

GIMP (Windows SMB Login)

SMB login-based detection of GIMP. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.836058";...

MAL-2025-1720 Malicious code in amazon-sync (npm)

--- -= Per source details. Do not edit below this line.=-...

MAL-2025-1077 Malicious code in com.unity.services.core (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 570e09325b7eeead7439db1cd6a223b5de2ddab48982af7bb43957a6c48d9069 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Microsoft Web Media Extensions (Windows SMB Login)

SMB login-based detection of Microsoft Web Media Extensions. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

firefox: thunderbird: External protocol handlers could be enumerated via popups

The Mozilla Foundation's Security Advisory: By checking the result of calls to window.open with specifically set protocol handlers, an attacker could determine if the application which implements that protocol handler is installed...

MAL-2024-7340 Malicious code in @zitterorg/quasi-quidem (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 20f6a4592f0557258ab1a57552b4a83fbe1cf605de22c693c05db453403fddd8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-1593 Malicious code in ato-z-web-identity-components-app-cdk-adp-wrapper (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c33c62d31d74de8fa6a7a3911507ce9a8d513bccb45ff1b51b7fbb9068920d3e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Kremlin-Backed APT28 Targets Polish Institutions in Large-Scale Malware Campaign

Polish government institutions have been targeted as part of a large-scale malware campaign orchestrated by a Russia-linked nation-state actor called APT28. "The campaign sent emails with content intended to arouse the recipient's interest and persuade him to click on the link," the computer...

North Korean Hackers Deploy New Malicious Python Packages in PyPI Repository

Three additional rogue Python packages have been discovered in the Package Index PyPI repository as part of an ongoing malicious software supply chain campaign called VMConnect, with signs pointing to the involvement of North Korean state-sponsored threat actors. The findings come from...

WildFly Detection (HTTP)

HTTP based detection of WildFly. This VT has been deprecated as a duplicate of the VT SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

New Woody RAT Malware Being Used to Target Russian Organizations

An unknown threat actor has been targeting Russian entities with a newly discovered remote access trojan called Woody RAT for at least a year as part of a spear-phishing campaign. The advanced custom backdoor is said to be delivered via either of two methods: archive files or Microsoft Office...

MAL-2022-6987 Malicious code in vtpzfdicergkhjsm (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f12b8baceceea3cd62951534c2c177a91ac2efc22215bd9bc855ac34b27487b2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-51 Malicious code in @3p-future-solutions/ember-cui (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 397fc341835af149d910a487918b036cb2520795441767e7953264ec9c8a86d2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-1302 Malicious code in azure-communication-network-traversal (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3f7a0cec00dbd776206a45492d115fdad30ccb30649387fcb23e928778c431a8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-6408 Malicious code in tachyon-package-builder (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ae18148f1b8cced6389ea598fe00fb1d3c44c754a460765e64c6e02c5c1a0c18 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-2632 Malicious code in dx-osc-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8cd2b7845745d96a64e8582c8a27cda79f92322c2353e175a41f2268163f3a89 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-375 Malicious code in @kaspersky/fetlife-assets (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 353c3be162a0520ec9a4097a45b0b3df2fc85b4ac6993fc40cca5a13708e3e4d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...