Lucene search
5335 matches found

OSV
added 2023/08/09 12:0 a.m., 11 views

MAL-2023-8031 Malicious code in ng-zulutrade-ssr (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx b7f6b1d4585de70357f4ac94823e53c6846ebaeaf161d5088e75c3fde5f7ac05 Malicious packages campaign since 2021 targeting developers, steals source code and secrets...

7.4 AI score
Exploits: 0, References: 2
Hacker One
added 2023/08/08 12:5 p.m., 51 views

HackerOne: HackerOne SAML signup domain enforcement bypass results in unauthorized access to HackerOne PullRequest organization

A vulnerability was discovered where SAML signup domain enforcement for new signups belonging to SAML-enabled organizations could be bypassed by appending control characters, allowing unauthorized access. This was leveraged to access the HackerOne PullRequest organization and view source code in...

7.1 AI score
Exploits: 0
The Hacker News
added 2023/08/08 8:53 a.m., 44 views

New Yashma Ransomware Variant Targets Multiple English-Speaking Countries

An unknown threat actor is using a variant of the Yashma ransomware to target various entities in English-speaking countries, Bulgaria, China, and Vietnam at least since June 4, 2023. Cisco Talos, in a new write-up, attributed the operation with moderate confidence to an adversary of likely...

7.1 AI score
Exploits: 0
Schneier on Security
added 2023/08/07 11:3 a.m., 21 views

Microsoft Signing Key Stolen by Chinese

A bunch of networks, including US Government networks, have been hacked by the Chinese. The hackers used forged authentication tokens to access user email, using a stolen Microsoft Azure account consumer signing key. Congress wants answers. The phrase "negligent security practices" is being tosse...

7 AI score
Exploits: 0
OSV
added 2023/08/04 3:51 p.m., 31 views

CVE-2023-38497 Cargo not respecting umask when extracting crate archives

Cargo downloads the Rust project’s dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files writeable by any local...

7.9 CVSS, 6.7 AI score, 0.00763 EPSS
Exploits: 0, References: 10
0day.today
added 2023/08/04 12:0 a.m., 264 views

WordPress Forminator 1.24.6 Plugin - Unauthenticated Remote Command Execution Vulnerability

Exploit Title: WordPress Plugin Forminator 1.24.6 - Unauthenticated Remote Command Execution Exploit Author: Mehmet Kelepçe Vendor Homepage: https://wpmudev.com/project/forminator-pro/ Software Link: https://wordpress.org/plugins/forminator/ Version: 1.24.6 Tested on: PHP - Mysql - Apache2 -...

7.1 AI score
Exploits: 0
Packet Storm
added 2023/08/04 12:0 a.m., 222 views

WordPress Forminator 1.24.6 Shell Upload

Exploit Title: WordPress Plugin Forminator 1.24.6 - Unauthenticated Remote Command Execution Date: 2023-07-20 Exploit Author: Mehmet Kelepçe Vendor Homepage: https://wpmudev.com/project/forminator-pro/ Software Link: https://wordpress.org/plugins/forminator/ Version: 1.24.6 Tested on: PHP - Mysql...

7.1 AI score
Exploits: 0
OSV
added 2023/08/04 12:0 a.m., 12 views

MAL-2023-1056 Malicious code in binarium-crm (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 0319a4b526e85c3f33642aef37de9fb6a431f79dc995b4829c1bf12b854d8721 Malicious packages campaign since 2021 targeting developers, steals source code and secrets Source: ghsa-malware...

7.2 AI score
Exploits: 0, References: 2
OSSF Malicious Packages
added 2023/08/01 12:0 a.m., 4 views

Malicious code in binarium-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx e6203f8ba86eed8c7eef3531a2e69f72fa4badbcd98e90b291436bf574cb24c7 Malicious packages campaign since 2021 targeting developers, steals source code and secrets...

7.2 AI score
Exploits: 0, References: 3
FreeBSD Advisory
added 2023/08/01 12:0 a.m., 56 views

FreeBSD-SA-23:08.ssh

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-23:08.ssh Security Advisory The FreeBSD Project Topic: Potential remote code execution via ssh-agent forwarding Category: contrib Module: OpenSSH Announced:...

9.8 CVSS, 7.7 AI score, 0.76768 EPSS
Exploits: 10
FreeBSD Advisory
added 2023/08/01 12:0 a.m., 11 views

FreeBSD-SA-23:09.pam_krb5

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-23:09.pam_krb5 Security Advisory The FreeBSD Project Topic: Network authentication attack via pam_krb5 Category: core Module: pam_krb5 Announced: 2023-08-01...

9.8 CVSS, 7.2 AI score, 0.01098 EPSS
Exploits: 0
OSV
added 2023/08/01 12:0 a.m., 8 views

MAL-2023-8013 Malicious code in binarium-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx e6203f8ba86eed8c7eef3531a2e69f72fa4badbcd98e90b291436bf574cb24c7 Malicious packages campaign since 2021 targeting developers, steals source code and secrets...

7.4 AI score
Exploits: 0, References: 3
OSSF Malicious Packages
added 2023/07/31 12:0 a.m., 4 views

Malicious code in developer_backup_test521 (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 166bebecf34acabc1fdf3c66906bda21b7b7e7043f76cf728dd8637270162021 Malicious packages campaign since 2021 targeting developers, steals source code and secrets...

7.2 AI score
Exploits: 0, References: 3
OSSF Malicious Packages
added 2023/07/31 12:0 a.m., 4 views

Malicious code in awell-libs (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx f22989168c34b37227bb7bcfe0b03c27cd141f8ec26d34a78a0c0ba06553f881 Malicious packages campaign since 2021 targeting developers, steals source code and secrets...

7.2 AI score
Exploits: 0, References: 2
OSSF Malicious Packages
added 2023/07/31 12:0 a.m., 4 views

Malicious code in developer_backup_test523 (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx a102fc358a2f397cc33b778fdc8edcca752c4a93e273f3e728d9e936ef75cbff Malicious packages campaign since 2021 targeting developers, steals source code and secrets...

7.2 AI score
Exploits: 0, References: 3
OSSF Malicious Packages
added 2023/07/31 12:0 a.m., 6 views

Malicious code in developer_backup_test527 (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 873572cb006dd8216d097e1014bc26f4f54e2e57b00c4ed5db617993287c9735 Malicious packages campaign since 2021 targeting developers, steals source code and secrets...

7.2 AI score
Exploits: 0, References: 3
OSSF Malicious Packages
added 2023/07/31 12:0 a.m., 4 views

Malicious code in developer_backup_test531 (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx ba34269365aec86c0211ee348c1cc4f84e68214a7aed51304d8a309857881001 Malicious packages campaign since 2021 targeting developers, steals source code and secrets...

7.2 AI score
Exploits: 0, References: 3
OSSF Malicious Packages
added 2023/07/31 12:0 a.m., 4 views

Malicious code in developer_backup_test525 (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 801d93e817d2a88be92c4ce8b23fb15ec2a02dba59eea3666d03eee45d2dd072 Malicious packages campaign since 2021 targeting developers, steals source code and secrets...

7.2 AI score
Exploits: 0, References: 3
OSSF Malicious Packages
added 2023/07/31 12:0 a.m., 3 views

Malicious code in zip_achive_bp (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx a268db221b575c75e97a65f2a00d56b0a4ac4d14910e381fa972bf522479022f Malicious packages campaign since 2021 targeting developers, steals source code and secrets...

7.2 AI score
Exploits: 0, References: 1
OSSF Malicious Packages
added 2023/07/31 12:0 a.m., 5 views

Malicious code in developer_backup_test529 (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 6f73644ba1b18278f2efd5eded48ae6a21c8477dc4c6e8120676bdb356438687 Malicious packages campaign since 2021 targeting developers, steals source code and secrets...

7.2 AI score
Exploits: 0, References: 3