6 matches found
EUVD-2025-113675
Malicious code in fetch-celeste-link-quantum npm...
EUVD-2025-53283
Malicious code in mere-apricot-ermine npm...
EUVD-2025-56637
Malicious code in vina-keripik99-sluey npm...
A Cascade of Insecure Architectures: Axis Plugin Design Flaw Expose Select Autodesk Revit Users to Supply Chain Risk
We discovered Azure Storage Account credentials exposed in Axis Communications’ Autodesk Revit plugin, allowing unauthorized modification of cloud-hosted files. This exposure, combined with vulnerabilities in Autodesk Revit, could enable supply-chain attacks targeting end users...
Picklescan has a missing detection when calling built-in python code.InteractiveInterpreter
Summary: Using code.InteractiveInterpreter.runcode, a built-in Python library function, to execute a remote pickle file. Details: The attack payload executes in the following steps: First, the attacker crafts the payload by calling the code.InteractiveInterpreter.runcode function in reduce meth...
Malicious code in photofeed (npm)
The package photofeed was found to contain malicious code...