21 matches found
MAL-2026-6467 Malicious code in @vpms/design-system (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 43ce5813fba2660b094a3e8a5c5a0bf2f1972530c294830c0a2e3d15dcd1b096 package.json declares preinstall="node index.js". On every npm install, index.js iterates process.env and harvests any variable whose name contains...
MAL-2026-6346 Malicious code in triage-bot (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2ef2bb10931626a345e1277463f9c2ec6ca36108c2d6131c9210707ea5692a64 package.json declares preinstall: node index.js, so the payload runs automatically on npm install with no user action. index.js requires os, fs, and...
MAL-2026-5856 Malicious code in carousel-controller-mixin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c1a4b1be297682ca77d8a92fc502887ee6d718a5541fa88413acdc6accb3ed97 package.json declares both preinstall and postinstall hooks that execute callback.js on every install. callback.js collects username, uid, hostname,...
Malicious code in getd-handler-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 83398d27bb84d47296f796b4b2e6e9b5a0efc474add2e57592455e7d5d54eab5 On npm install, postinstall.js collects the installer's hostname, username, platform, current working directory, and CI-related environment variables...
MAL-2026-4487 Malicious code in audit-logsss (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9f1d266fef23fc79d6af52affefa68c2220baad023d09a7acc4d439a23dfdb69 The package's postinstall script executes shell reconnaissance id || ver && whoami && hostname, fetches the installer's public IP from api.ipify.org,...
MAL-2026-4490 Malicious code in auth0-templates-scripts-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ed9a505fcbf6daef28b6625dcbde65ea1dd00b01c1a684debfdedfc7e5bc3643 Package name impersonates the Auth0 ecosystem. Its postinstall hook node index.js runs unconditionally on npm install and performs a multi-stage data...
MAL-2026-3757 Malicious code in claw-subagent-service (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b2ccba152d6841731431c91157874c72b5f9778fdf88b634a45ab5d9da961307 On npm install -g, the package's scripts/post-install.js registers a privileged Windows service claw-subagent-service pointing at service/daemon.js,...
EUVD-2021-19678
Malware in sbrugna...
EUVD-2023-46237
Malicious code in bioql PyPI...
EUVD-2023-46241
Malicious code in bioql PyPI...
CVE-2023-44213
Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Cyber Protect Cloud Agent Windows before build 35739, Acronis Cyber Protect 16 Windows before build 37391...
CVE-2023-41745
Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Agent Linux, macOS, Windows before build 30991, Acronis Cyber Protect 15 Linux, macOS, Windows before build 35979...
Exploit for Deserialization of Untrusted Data in Spip
SPIP CVE-2023-27372 Unauthenticated RCE Exploit Web Shell Upl...
Malvertising campaign leads to info stealers hosted on GitHub
In early December 2024, Microsoft Threat Intelligence detected a large-scale malvertising campaign that impacted nearly one million devices globally in an opportunistic attack to steal information. The attack originated from illegal streaming websites embedded with malvertising redirectors, leadi...
uniapi version 1.0.7 contained an information harvesting script.
uniapi version 1.0.7 introduces code that would execute on import of the module and download a script from a remote URL, and would then execute the downloaded script in a thread. The downloaded script would harvest system information and POST the information to another remote URL. This code was...
Malicious code in byted-tbs (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 749adf634a79e321082a53a1715caf4c239935563b6c3dadbd8e3e60e0e41485 Collects basic information about the system, most probably a pentest or bug bounty. --- Category: PROBABLYPENTEST - Packages looking like typical pentest...
Latrodectus Malware Loader Emerges as IcedID's Successor in Phishing Campaigns
Cybersecurity researchers have observed a spike in email phishing campaigns starting early March 2024 that delivers Latrodectus, a nascent malware loader believed to be the successor to the IcedID malware. "These campaigns typically involve a recognizable infection chain involving oversized...
CVE-2023-48680
Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Cyber Protect 16 macOS, Windows before build 37391...
Information disclosure
Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Agent Linux, macOS, Windows before build 30991, Acronis Cyber Protect 15 Linux, macOS, Windows before build 35979...
CVE-2023-41745
Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Agent Linux, macOS, Windows before build 30991, Acronis Cyber Protect 15 Linux, macOS, Windows before build 35979...