Lucene search
K

7 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/20 2:47 a.m.14 views

Malicious code in @serviceshub/x-web-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1cd81c2623e8f621801dcbfbf7d7eb8745bf702f1d5e85e410872400c7d2eea7 Package ships a trivial index.js module.exports = ; and exists solely to pull a direct-URL tarball dependency at install time. package.json line 9...

5.6AI score
Exploits0References2
Rapid7 Blog
Rapid7 Blog
added 2024/06/17 8:28 p.m.10 views

Malvertising Campaign Leads to Execution of Oyster Backdoor

The following analysts contributed to this blog: Thomas Elkins, Daniel Thiede, Josh Lockwood, Tyler McGraw, and Sasha Kovalev. Executive Summary Rapid7 has observed a recent malvertising campaign that lures users into downloading malicious installers for popular software such as Google Chrome and...

6.3AI score
Exploits0
Trellix
Trellix
added 2023/10/10 12:0 a.m.19 views

Peeling off QR Code Phishing Onion

Peeling off QR Code Phishing Onion: Revealing the Hidden Layers of Deceit By Neel H. Pathak and Pratik Sunil Kadam · October 10, 2023 Introduction: Malicious actors always seek innovative ways to bypass detection. The Trellix Advanced Research Center recently noticed an attack campaign with an...

7AI score
Exploits0
OSV
OSV
added 2019/09/30 10:15 p.m.13 views

CVE-2019-16760

Cargo prior to Rust 1.26.0 may download the wrong dependency if your package.toml file uses the package configuration key. Usage of the package key to rename dependencies in Cargo.toml is ignored in Rust 1.25.0 and prior. When Rust 1.25.0 and prior is used Cargo may download the wrong dependency,...

7.5CVSS6.6AI score
Exploits0References4
Debian CVE
Debian CVE
added 2019/09/30 9:39 p.m.27 views

CVE-2019-16760

Cargo prior to Rust 1.26.0 may download the wrong dependency if your package.toml file uses the package configuration key. Usage of the package key to rename dependencies in Cargo.toml is ignored in Rust 1.25.0 and prior. When Rust 1.25.0 and prior is used Cargo may download the wrong dependency,...

7.5CVSS6.2AI score0.0126EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2019/09/30 9:39 p.m.30 views

CVE-2019-16760

Cargo prior to Rust 1.26.0 may download the wrong dependency if your package.toml file uses the package configuration key. Usage of the package key to rename dependencies in Cargo.toml is ignored in Rust 1.25.0 and prior. When Rust 1.25.0 and prior is used Cargo may download the wrong dependency,...

7.5CVSS6AI score0.0126EPSS
Exploits1
Node.js
Node.js
added 2019/05/06 2:16 p.m.16 views

Malicious Package

Overview All versions of reequest typosquatted a popular package of similar name and tracked users who had installed the incorrect package. The package uploaded information to a remote server including: name of the downloaded package, name of the intended package, the Node version and whether the...

6.6AI score
Exploits0Affected Software1
Rows per page
Query Builder