Fake calendar invites are spreading. Here’s how to remove them and prevent more

We’re seeing a surge in phishing calendar invites that users can’t delete, or that keep coming back because they sync across devices. The good news is you can remove them and block future spam by changing a few settings. Most of these unwanted calendar entries are there for phishing purposes. Mos...

CVE-2025-41115 Incorrect privilege assignment

SCIM provisioning was introduced in Grafana Enterprise and Grafana Cloud in April to improve how organizations manage users and teams in Grafana by introducing automated user lifecycle management. In Grafana versions 12.x where SCIM provisioning is enabled and configured, a vulnerability in user...

kernel: mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race

In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix hugepmdunshare vs GUP-fast race hugepmdunshare drops a reference on a page table that may have previously been shared across processes, potentially turning it into a normal page table used in another process in...

Malicious code in radiant-express-sync-tachyon (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cc11ed6a8c3867ed71199224db53e25c2338a7f38da642038050bbef32d06101 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-186820 Malicious code in eris-sync-loglevel-dorado (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eceef989feeada3339ec402d1445f185a3b004a1f1c1c4a71553971739a38d8a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in init-venus-sync-figures (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 41b6e40d812a9363fa5f719d89f8033b005cc387fbeadb50dac11ca6fcd9ba44 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in standard-altair-izar-sync (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7aa4728fd5bccd6fec6ad0f4459479b41c02571c837732ad3e92688a04eb9bf9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in sync-taurus-cluster-webpack (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 187342dda72bcfd9fa9b7508990e5f40d3d2fc29ab165be4e68d0524f897b5b6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-176278

Malicious code in spawn-nova-antares-sync npm...

EUVD-2025-176091

Malicious code in sync-decoherence-xanthus-express npm...

EUVD-2025-176090

Malicious code in sync-hugo-xanadu-module npm...

EUVD-2025-176089

Malicious code in sync-taurus-cluster-webpack npm...

EUVD-2025-176087

Malicious code in sync-vega-apex-prettier-plugin-markdown npm...

EUVD-2025-177393

Malicious code in outercore-sync-fornax-lightyear npm...

EUVD-2025-177345

Malicious code in paleontology-sedna-enif-sync npm...

EUVD-2025-176653

Malicious code in restart-warp-webdriver-mocha-sync npm...

EUVD-2025-178714

Malicious code in geomorphology-cressida-sync-atlas npm...

EUVD-2025-178526

Malicious code in hexo-restart-farout-sync npm...

EUVD-2025-178401

Malicious code in init-venus-sync-figures npm...

EUVD-2025-178231

Malicious code in jwt-sync-ora-selenium npm...