MAL-2025-628 Malicious code in node-telegram-sdk (npm)

This package adds the attacker's public SSH key to the user's authorizedkeys file, creating a backdoor. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 64fa53b655e6444ccce46488f04d3dcf7f427354b64c286c652de18e947c2c74 Any computer that has this package installed or...

Malicious Package in leetlog

Versions 0.1.2 and 0.1.3 of leetlog contain malicious code. The package adds an arbitrary hardcoded SSH key identified as hacker@evilmachine to the system's authorizedkeys Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets an...

Malicious Package

Overview Versions 0.1.2 and 0.1.3 of leetlog contain malicious code. The package adds an arbitrary hardcoded SSH key identified as hacker@evilmachine to the system's authorizedkeys Recommendation Any computer that has this package installed or running should be considered fully compromised. All...

Digital Alert Systems DASDEC and Monroe Electronics R189 One-Net firmware exposes private root SSH key

Overview Digital Alert Systems DASDEC and Monroe Electronics One-Net E189 Emergency Alert System EAS devices exposed a shared private root SSH key in publicly available firmware images. An attacker with SSH access to a device could use the key to log in with root privileges. Description The Digit...

Apache Site Hacked Through SSH Key Compromise

The main site of the Apache Software Foundation was compromised on Friday through an attack using a compromised SSH key, leading to concerns about the integrity of copies of the hugely popular Apache Web server, which is distributed through the Apache.org site. Early Friday morning EDT, a message...