Malicious Package

Overview @car-loans/desktop-car-loans-application is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organizati...

Malicious Package

Overview nicegui is a malicious package. This package contains malicious code designed to steal sensitive credentials and establish remote access. While these packages might attempt to impersonate legitimate organizations and popular open-source libraries, there is no connection between those...

Malicious Package

Overview redeem-onchain-sdk is a malicious package. This package contains malicious code designed to steal sensitive credentials and establish remote access. While these packages might attempt to impersonate legitimate organizations and popular open-source libraries, there is no connection betwee...

Malicious Package

Overview period-newline is a malicious package. This package contains malicious code designed to steal sensitive credentials and establish remote access. While these packages might attempt to impersonate legitimate organizations and popular open-source libraries, there is no connection between...

Gaza Cybergang Returns With New Attacks On Palestinian Authority

Security researchers from Check Point Threat Intelligence Team have discovered the comeback of an APT advanced persistent threat surveillance group targeting institutions across the Middle East, specifically the Palestinian Authority. The attack, dubbed "Big Bang," begins with a phishing email se...

Upper bound check bypass due to signed compare in SharedBufferManagerParent::RecvAllocateGrallocBuffer — Mozilla

Mozilla intern Julian Hector discovered a regression in the graphics buffer management of Firefox OS's graphics layer that would lead to graphics memory corruption by providing negative size parameters. JavaScript can not access the graphics layer in a way required to trigger this vulnerability,...

Splunk collect file Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Splunk. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the advanced search...