MAL-2026-4908 Malicious code in @cloudplatform-single-spa/dataplatform-flink (npm)

Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...

CISA: Suspicious Unmanned Aircraft System Activity Guidance

Suspicious Unmanned Aircraft System Activity Guidance for Critical Infrastructure Owners and Operators is intended for critical infrastructure stakeholders who are concerned with unmanned aircraft system UAS activity near or around their facilities...

Cloud-Metadata-Exploit-Detector

Cloud-Metadata-Explo...

Malicious code in spayee-micro-frontend (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 16d410f61fc4213f1ca0f3f16618828e186e9c5c6b130545bdb49eb4c0d68ec5 Any computer that has this package installed or running should be considered...

MAL-2025-133 Malicious code in tagmyphotosblog (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 68718b8c6a0e78b22dbddaeb5a6be69dac34b17d2e20d9a2fdf08d6bbbf95a00 The OpenSSF Package Analysis project identified 'tagmyphotosblog' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...

Stop LUCR-3 Attacks: Learn Key Identity Security Tactics in This Expert Webinar

Did you know that advanced threat actors can infiltrate the identity systems of major organizations and extract sensitive data within days? It's a chilling reality, becoming more common and concerning by the day. These attackers exploit vulnerabilities in SaaS and cloud environments, using...

PT-2024-6717

Name of the Vulnerable Software and Affected Versions: Palo Alto Networks Expedition affected versions not specified Description: The issue is related to an SQL injection vulnerability in Palo Alto Networks Expedition. This vulnerability allows an unauthenticated attacker to reveal Expedition...

Malicious code in gltest (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 538a0e3540a764042a57930b8729d61b05747d057875504da316d6ee14bf91fd Packages that might be part of testing for pentesting / malicious activity / joy, with suspicious activity that does not present any real harm. --- Category:...

Malicious code in test-tool-devdevrl-hackerone (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 9ebec7caa83974b9d99d79e73ba3ba948318120279d3a5b2a97ee7efddc023ef Packages that might be part of testing for pentesting / malicious activity / joy, with suspicious activity that does not present any real harm. --- Category:...

Cybercrime Rapper Sues Bank over Fraud Investigation

A partial selfie posted by Punchmade Dev to his Twitter account. Yes, that is a functioning handheld card skimming device, encrusted in diamonds. Underneath that are more medallions, including a diamond-studded bitcoin and payment card. In January, KrebsOnSecurity wrote about rapper Punchmade Dev...

Compromise of Sisense Customer Data

CISA is collaborating with private industry partners to respond to a recent compromise discovered by independent security researchers impacting Sisense, a company that provides data analytics services. CISA urges Sisense customers to: Reset credentials and secrets potentially exposed to, or used ...

ThreatDown EDR update: Streamlined Suspicious Activity investigation

Navigating the complex world of alerts just got easier, thanks to our latest enhancements to the ThreatDown Endpoint Detection and Response EDR platform. The detailed technical information in EDR alerts—replete with complicated diagrams and references to advanced cybersecurity tactics—can overwhe...

CVE-2024-21412

creationtimestamp| type| source ---|---|--- 2024-02-13 19:17:24+00:00| seen| https://t.me/ctinow/184061 2024-02-13 20:37:03+00:00| seen| https://t.me/ctinow/184169 2024-02-13 20:41:42+00:00| seen| https://t.me/ctinow/184172 2024-02-13 20:41:43+00:00| seen| https://t.me/ctinow/184173 2024-02-13...

CVE-2023-50713

Speckle Server provides server, frontend, 3D viewer, and other JavaScript utilities for the Speckle 3D data platform. A vulnerability in versions prior to 2.17.6 affects users who: authorized an application which requested a 'token write' scope or, using frontend-2, created a Personal Access Toke...

CVE-2023-50713 Speckle Server API Token Privilege Escalation

Speckle Server provides server, frontend, 3D viewer, and other JavaScript utilities for the Speckle 3D data platform. A vulnerability in versions prior to 2.17.6 affects users who: authorized an application which requested a 'token write' scope or, using frontend-2, created a Personal Access Toke...

CVE-2023-50713 Speckle Server API Token Privilege Escalation

Speckle Server provides server, frontend, 3D viewer, and other JavaScript utilities for the Speckle 3D data platform. A vulnerability in versions prior to 2.17.6 affects users who: authorized an application which requested a 'token write' scope or, using frontend-2, created a Personal Access Toke...

1Password Detects Suspicious Activity Following Okta Support Breach

Popular password management solution 1Password said it detected suspicious activity on its Okta instance on September 29 following the support system breach, but reiterated that no user data was accessed. "We immediately terminated the activity, investigated, and found no compromise of user data ...

Active exploitation of Cisco IOS XE Software Web Management User Interface vulnerabilities

Updates Nov. 02: Identified a third version of the BadCandy implant. Added expected response from the new version of the implant against one of the HTTP requests used to check for infected device. Nov. 1: Observed increase in exploitation attempts since the publication of the proofs-of-concept PO...

How to Investigate an OAuth Grant for Suspicious Activity or Overly Permissive Scopes

From a user's perspective, OAuth works like magic. In just a few keystrokes, you can whisk through the account creation process and gain immediate access to whatever new app or integration you're seeking. Unfortunately, few users understand the implications of the permissions they allow when they...

Operation Triangulation: iOS devices targeted with previously unknown malware

While monitoring the network traffic of our own corporate Wi-Fi network dedicated for mobile devices using the Kaspersky Unified Monitoring and Analysis Platform KUMA, we noticed suspicious activity that originated from several iOS-based phones. Since it is impossible to inspect modern iOS device...