27 matches found
Fake macOS Troubleshooting Sites Used to Steal iCloud Data in ClickFix Scam
Microsoft researchers warn of a new ClickFix campaign targeting macOS with fake guides on Medium and Craft to deploy AMOS and SHub Stealer via Terminal commands...
ClickFix campaign uses fake macOS utilities lures to deliver infostealers
Microsoft researchers continue to observe the evolution of an infostealer campaign distributing ClickFix‑style instructions and targeting macOS users. In this recent iteration...
CVE-2026-30308
CVE-2026-30308 affects HAI Build Code Generator's automatic terminal command execution feature. The tool offers two options: Execute safe commands or Execute all commands. The root cause is prompt-injection-based bypass: an attacker can wrap a malicious command in a generic template and mislead t...
SakaDev Security Vulnerability
SakaDev is an AI-driven software development assistant developed by Rahman Azhar. SakaDev has a security vulnerability, which stems from defects in the design of automatic terminal command execution. This vulnerability makes it susceptible to prompt injection attacks, potentially allowing arbitra...
CVE-2026-30304
AI Code’s CVE-2026-30304 stems from its design that auto-executes commands deemed safe while requiring approval for potentially destructive ones. Multiple trusted sources describe a prompt-injection flaw: an attacker can wrap malicious commands in a generic template and fool the model into classi...
ClickFix Campaigns Spread MacSync macOS Infostealer via Fake AI Tool Installers
Three different ClickFix campaigns have been found to act as a delivery vector for the deployment of a macOS information stealer called MacSync. "Unlike traditional exploit-based attacks, this method relies entirely on user interaction – usually in the form of copying and executing commands –...
EUVD-2024-43133
Malicious code in bioql PyPI...
EUVD-2025-2685
Malicious code in bioql PyPI...
LastPass Warns of Fake Repositories Infecting macOS with Atomic Infostealer
LastPass is warning of an ongoing, widespread information stealer campaign targeting Apple macOS users through fake GitHub repositories that distribute malware-laced programs masquerading as legitimate tools. "In the case of LastPass, the fraudulent repositories redirected potential victims to a...
CVE-2025-22275
iTerm2 3.5.6 through 3.5.10 before 3.5.11 sometimes allows remote attackers to obtain sensitive information from terminal commands by reading the /tmp/framer.txt file. This can occur for certain it2ssh and SSH Integration configurations, during remote logins to hosts that have a common Python...
CVE-2024-48919 RCE via Prompt Injection Into Cursor's Terminal Cmd-K
Cursor is a code editor built for programming with AI. Prior to Sep 27, 2024, if a user generated a terminal command via Cursor's Terminal Cmd-K/Ctrl-K feature and if the user explicitly imported a malicious web page into the Terminal Cmd-K prompt, an attacker with control over the referenced web...
Cursor Input Validation Error Vulnerability
Cursor is an AI code editor from the Cursor open source. An input validation error vulnerability exists in versions prior to Cursor 20240927, which stems from the fact that if a user generates terminal commands via Cursor's Terminal Cmd-K/Ctrl-K functionality, an attacker could potentially...
PT-2024-33268 · Cursor · Cursor
Name of the Vulnerable Software and Affected Versions: Cursor versions prior to 0.42. Description: The issue allows an attacker with control over a malicious web page to influence a language model to output arbitrary commands for execution in the user's terminal. This scenario requires the user to...
PT-2023-27086 · Mintty · Mintty
Name of the Vulnerable Software and Affected Versions: Mintty versions 3.6.4 and earlier. Description: An issue in Mintty allows a remote attacker to execute arbitrary code via crafted commands to the terminal. Recommendations: For Mintty versions 3.6.4 and earlier, update to a version later than...
rubygem-rack: crafted requests can cause shell escape sequences
A flaw was found in rubygem-rack. This flaw allows a malicious actor to craft requests that can cause shell escape sequences to be written to the terminal via rack's Lint middleware and CommonLogger middleware. This issue can leverage these escape sequences to execute commands in the victim's...
PYSEC-2022-165
The package guake before 3.8.5 is vulnerable to Exposed Dangerous Method or Function due to the exposure of executecommand and executecommandbyuuid methods via the d-bus interface, which makes it possible for a malicious user to run an arbitrary command via the d-bus method. Note: Exploitation...
GravCMS 1.10.7 Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'GravCMS Remote Command Execution', 'Description' = %q This module exploits arbitrary config write/update vulnerability to achieve remote code...
Prototype Pollution in bonnevoyager/nested-objects-util
Description nested-objects-util is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC file: // poc.js var unflatten = require"nested-objects-util" console.log"Before : " + .polluted; unflatten"proto.polluted": "Yes! Its Polluted" console.log"After : " + .polluted; 2...
CVE-2020-11807
Because of Unrestricted Upload of a File with a Dangerous Type, Sourcefabric Newscoop 4.4.7 allows an authenticated user to execute arbitrary PHP code and sometimes terminal commands on a server by making an avatar update and then visiting the avatar file under the /images/ path...