MAL-2026-2418 Malicious code in tombac-chronos (npm)

Suspicious install script executing index.js and an untrustworthy author email domain sl4x0.xyz strongly suggest this package is malware. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 69e040ef4bdedbed143a5a8d1a1bb0389fa07848772a87c03da1c67557ced13e The package...

Malicious Package

Overview react-async-component-lifecycle-hooks is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization...

UBUNTU-CVE-2022-48890

In the Linux kernel, the following vulnerability has been resolved: scsi: storvsc: Fix swiotlb bounce buffer leak in confidential VM storvscqueuecommand maps the scatter/gather list using scsidmamap, which in a confidential VM allocates swiotlb bounce buffers. If the I/O submission fails in...

CVE-2023-52658

In the Linux kernel, the following vulnerability has been resolved: Revert "net/mlx5: Block entering switchdev mode with ns inconsistency" This reverts commit 662404b24a4c4d839839ed25e3097571f5938b9b. The revert is required due to the suspicion it is not good for anything and cause crash...

CVE-2023-52658

In the Linux kernel, the following vulnerability has been resolved: Revert "net/mlx5: Block entering switchdev mode with ns inconsistency" This reverts commit 662404b24a4c4d839839ed25e3097571f5938b9b. The revert is required due to the suspicion it is not good for anything and cause crash...

CVE-2023-52658

In the Linux kernel, the following vulnerability has been resolved: Revert "net/mlx5: Block entering switchdev mode with ns inconsistency" This reverts commit 662404b24a4c4d839839ed25e3097571f5938b9b. The revert is required due to the suspicion it is not good for anything and cause crash...

GHSA-QC9X-GJCV-465W Pipenv's requirements.txt parsing allows malicious index url in comments

Issue Summary Due to a flaw in pipenv's parsing of requirements files, an attacker can insert a specially crafted string inside a comment anywhere within a requirements.txt file, which will cause victims who use pipenv to install the requirements file e.g. with "pipenv install -r requirements.txt...

Who is to blame for the malicious Barcode Scanner that got on the Google Play store?

In our last blog, Barcode Scanner app on Google Play infects 10 million users with one update, we wrote about a barcode scanner found on the Google Play store that was infected with Android/Trojan.HiddenAds.AdQR. All initial signs led us to believe that LavaBird LTD was the developer of this...

EncroChat system eavesdropped on by law enforcement

Due to the level of sophistication of the attack, and the malware code, we can no longer guarantee the security of your device. This text caused a lot of aggravation, worries, and sleepless nights. No one wants to hear the security of their device has been compromised by a malware attack. The goo...

Forced Password Reset? Check Your Assumptions

Almost weekly now I hear from an indignant reader who suspects a data breach at a Web site they frequent that has just asked the reader to reset their password. Further investigation almost invariably reveals that the password reset demand was not the result of a breach but rather the site's...

Russia is Banning Telegram

Russia has banned the secure messaging app Telegram. It's making an absolute mess of the ban -- blocking 16 million IP addresses, many belonging to the Amazon and Google clouds -- and it's not even clear that it's working. But, more importantly, I'm not convinced Telegram is secure in the first...

New Rules Announced for Border Inspection of Electronic Devices

The U.S. Customs and Border Patrol announced new restrictions on when agents can copy data from digital devices at border crossing points. Agents now need “reasonable suspicion” in advance of searches of phones, computers, tablets, cameras or any other digital device belonging to people entering ...

Kaspersky Opens Antivirus Source Code for Independent Review to Rebuild Trust

Kaspersky Lab — We have nothing to hide! Russia-based Antivirus firm hits back with what it calls a "comprehensive transparency initiative," to allow independent third-party review of its source code and internal processes to win back the trust of customers and infosec community. Kaspersky launch...

Socat Weak Diffie-Hellman Prime Number

Update Socat is the latest open source tool to come under suspicion that it is backdoored. Socat is a versatile command line utility that builds bi-directional communication streams and moves data between channels, including files, network pipes, serial connected devices, sockets or a combination...

Hacker removed Mark Zuckerberg's Facebook Timeline Cover Photo

Something unusual happened today, Mark Zuckerberg's Facebook Timeline Cover Photo is removed, as shown in the above Screenshot. Suddenly, after few hours, I got a mail from an Egyptian Hacker with nickname 'Dr.FarFar', claimed that he has hacked the Mark Zuckerberg's Facebook Profile and removed...

Основатель компании McAfee попросил убежища в Гватемале

Основатель компании McAfee Джон Макафи, которого подозревают в убийстве своего соседа в Белизе, попросил убежища в Гватемале. Об этом сообщает Agence France-Presse со ссылкой на адвоката Макафи. Как сообщил адвокат Телесфоро Гуэрра, которого Макафи нанял в Гватемале, его подзащитный пересек грани...

Sky News: Hacking was "Responsible Journalism" in Public Interest

In a statement published by The Guardian Thursday, Sky News admitted to twice authorizing a journalist to hack into the email accounts of persons suspected of crimes, defending its actions as “editorially justified.” In the first incident, the broadcaster admitted hacking the e-mail account of Jo...

HKEx - Hong Kong stock exchange Hacked

HKEx - Hong Kong stock exchange Hacked Trading in Hong Kong was disrupted on Wednesday by a hacking incident on the Hong Kong Exchange website. "Our current assessment that this is a result of a malicious attack by outside hacking," Charlies Li, chief executive of Hong Kong Exchanges & Clearing,...