321 matches found
Malicious code in storj-docs (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis c29c7e82f958f9ed89af6fc324d687bfe4e15d4b2aa49fee39f5aeeb4eee5583 The OpenSSF Package Analysis project identified 'storj-docs' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...
CVE-2024-38226
creationtimestamp| type| source
---|---|---
2024-09-10 17:25:32+00:00| seen| https://www.thezdi.com/blog/2024/9/10/the-september-2024-security-update-review
2024-09-11 04:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=1368
2024-09-11 09:47:58+00:00| exploited|...
Malicious code in cugraph-dgl (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 6c1f145fd51ee7737cb44e28b07d4ec3bfe53f4a8aac51d0b8bce58ef8bd71f7 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in debug-toolbar (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 57a187231b24ff90938749793a1f8f768e606a7fe5da9d2c6d74510419c14ed0 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in sap-adv (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 5935ab744274c1707e0477f65c8639076dc9448a4add5aad7fe2466cf5ee14db The OpenSSF Package Analysis project identified 'sap-adv' @ 0.0.0 npm as malicious. It is considered malicious because: - The package communicat...
Robotmk Security Vulnerabilities
Robotmk is an open source Robot Framework integration for Checkmk by ELABIT. A security vulnerability exists in Robotmk versions prior to 2.0.1, which stems from a shared holotree usage feature that allows any user to edit any Python environment, resulting in elevated privileges for the local us...
CVE-2024-30163
creationtimestamp| type| source
---|---|---
2024-05-19 15:31:55+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/10529
2025-05-28 07:25:12+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2024/CVE-2024-30163.yaml
2025-05-31...
Python's PyPI Reveals Its Secrets
GitGuardian is famous for its annual State of Secrets Sprawl report. In their 2023 report, they found over 10 million passwords, API keys, and other credentials exposed in public GitHub commits. The takeaways in their 2024 report did not just highlight 12.8 million new exposed secrets in...
Malicious code in soundcloud-scrape (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 49aa7d872acd9b91dd62d1aec545292c8d638126b53eadcc46435726c1c4215a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in uui-framework (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 20e448a4d82eef5d5f76dd3f8c325358b3b2df9e1d124b28a4a2843f466cb94a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in sourcify-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis b9df2af027b2402dd66d002eec5cfbf3b37918861883becfce5f43127483c9be The OpenSSF Package Analysis project identified 'sourcify-ui' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...
Malicious code in discord.js-self-v22 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 672d9ccd18153a9163f1f9a63ec5d765f412cf86a198d526fb04ecc5aa6eab3f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in discord.js-self-v21 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c7ff51b0a254299fbcba44e692ad912d759a48d835ffcb10759424392b1debdd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2023-48796
creationtimestamp| type| source
---|---|---
2023-12-16 14:48:00+00:00| seen| https://t.me/ctinow/155412
2025-11-28 07:40:54+00:00| seen| https://seclists.org/oss-sec/2025/q4/215
2025-11-28 10:24:27+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3m6oo6f2zvs2g
2026-04-09...
Malicious code in orchestrationdesk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d7c4b49b3a4dec106baa72132f15b7493b62457fa4f2bc0c4bf2ddfe83e58ea9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in ifl-icons (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 15d842c50e1aff05fb5874d61c1f60e5a803cc51a39cda09deb405e5c6935bce Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in watchman-search-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a9d31c46bc906a3eeb18b4852518f529d915f87ab7935775541759d38c18151e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in eslint-plugin-blade (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware aae9177af783553501be9b3995cd5eebfa3a3aaef47e65237aa9f29e4630b64d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Google Expands Its Bug Bounty Program to Tackle Artificial Intelligence Threats
Google has announced that it's expanding its Vulnerability Rewards Program (VRP) to compensate researchers for finding attack scenarios tailored to generative artificial intelligence (AI) systems in an effort to bolster AI safety and security. "Generative AI raises new and different concerns than...
CVE-2023-36563
creationtimestamp| type| source
---|---|---
2023-10-10 21:10:02+00:00| seen| MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123
2023-10-10 22:17:08+00:00| seen| https://t.me/cibsecurity/72007
2023-10-10 22:28:16+00:00| seen| https://t.me/ctinow/142391
2023-10-11 04:00:00+00:00| seen|...