89 matches found
MAL-2026-4366 Malicious code in @autoheal/setup (npm)
Source: amazon-inspector 3a8b8b7d51e8865d048583893b08ad3d3d95a8371963b82adc6bf4b7938fe4c1 When the user runs this setup wizard, bin/setup.js posts the user's GitHub Personal Access Token (scope repo,user:email), GitHub repo name, branch,...
CVE-2025-68016
Missing Authorization vulnerability in Onepay Sri Lanka onepay Payment Gateway For WooCommerce (onepay-payment-gateway-for-woocommerce) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects onepay Payment Gateway For WooCommerce: from n/a through <= 1.1.2...
SideWinder Adopts New ClickOnce-Based Attack Chain Targeting South Asian Diplomats
A European embassy located in the Indian capital of New Delhi, as well as multiple organizations in Sri Lanka, Pakistan, and Bangladesh, have emerged as the target of a new campaign orchestrated by a threat actor known as SideWinder in September 2025. The activity "reveals a notable evolution in...
EUVD-2021-0713
Malware in sbrugna...
Cloudflare Warns of India-Linked Hackers Targeting South and East Asian Entities
An advanced threat actor with an India nexus has been observed using multiple cloud service providers to facilitate credential harvesting, malware delivery, and command-and-control (C2). Web infrastructure and security company Cloudflare is tracking the activity under the name SloppyLemming, which ...
RHEL 8 : nodejs-ssri (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - nodejs-ssri: Regular expression DoS (ReDoS) when parsing malicious SRI in strict mode (CVE-2021-27290) Note that Nessus...
CVE-2024-30250
Astro-Shield is an integration to enhance website security with SubResource Integrity hashes, Content-Security-Policy headers, and other techniques. Versions from 1.2.0 to 1.3.1 of Astro-Shield allow bypassing the allow-lists for cross-origin resources by introducing valid integrity attributes to...
CVE-2024-30250 In Astro-Shield, setting a correct `integrity` attribute on injected code allows bypassing the allow-lists
Astro-Shield is an integration to enhance website security with SubResource Integrity hashes, Content-Security-Policy headers, and other techniques. Versions from 1.2.0 to 1.3.1 of Astro-Shield allow bypassing the allow-lists for cross-origin resources by introducing valid integrity attributes to...
Cross-Origin Resource Sharing (CORS) Bypass
@kindspells/astro-shield is vulnerable to Cross-Origin Resource Sharing (CORS) Bypass. This vulnerability is due to the introduction of valid integrity attributes to injected code, whose SRI hash is then added to the generated Content Security Policy (CSP) header, fooling the browser into believing that the inject...
In Astro-Shield, setting a correct `integrity` attribute on injected code allows bypassing the allow-lists
Impact Versions from 1.2.0 to 1.3.1 of Astro-Shield allow bypassing the allow-lists for cross-origin resources by introducing valid integrity attributes to the injected code. This implies that the injected SRI hash would be added to the generated CSP header, which would lead the browser to believ...
Node.js: fetch with integrity option is too lax when algorithm is specified but hash value is incorrect
The vulnerability in the undici library in Node.js was that the parseHashWithOptions function did not properly handle base64url-encoded hashes and invalid hashes. This allowed resources to be loaded without the expected Subresource Integrity (SRI) checks being performed...
Malicious code in wm-webpack-player-sri (npm)
Source: ossf-package-analysis 2ce8f86b27a02853a91d351ebf67ea4c8b697d62b1c65c295b7a01cfa89148ec The OpenSSF Package Analysis project identified 'wm-webpack-player-sri' @ 0.0.71 (npm) as malicious. It is considered malicious because: - The...
kitesurfen-sri-lanka.at Cross Site Scripting vulnerability OBB-3298742
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Donot APT Group Targets Government and Military Orgs in South Asia
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary The Donot group, also known as APT-Q-38, is a state-sponsored threat actor believed to operate out of a South Asian country. They primarily engage in network espionage activities targeting government...
Blind Eagle Hackers Return with Refined Tools and Sophisticated Infection Chain
A financially motivated threat actor tracked as Blind Eagle has resurfaced with a refined toolset and an elaborate infection chain as part of its attacks targeting organizations in Colombia and Ecuador. Check Point's latest research offers new insights into the Spanish-speaking group's tactics an...
CVE-2022-36315
CVE-2022-36315 affects Mozilla Firefox older than 103. An attacker with injection capability could trigger reuse of cached scripts loaded with Subresource Integrity, causing mismatched integrity metadata to be applied to previously cached entries. This is a browser-side issue in the SRI handling ...
sri-nisargadatta-maharaj-mon-maitre.com Cross Site Scripting vulnerability OBB-3059170
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...