54 matches found
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...
UAC-0247 Targets Ukrainian Clinics and Government in Data-Theft Malware Campaign
The Computer Emergencies Response Team of Ukraine CERT-UA has disclosed details of a new campaign that has targeted governments and municipal healthcare institutions, mainly clinics and emergency hospitals, to deliver malware capable of stealing sensitive data from Chromium-based web browsers and...
Rival Hackers Dox Alleged Operators of Lumma Stealer
Rival hackers expose the alleged operators behind Lumma Stealer, a major data-theft malware, causing leaks and internal chaos that have slowed its growth...
Linux Distros Unpatched Vulnerability : CVE-2018-1000665
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Dojo Dojo Objective Harness DOH version prior to version 1.14 contains a Cross Site Scripting XSS vulnerability in unit.html and...
New Malvertising Attack Spreads Crypto Stealing PS1Bot Malware
Cisco Talos researchers have discovered a dangerous new malware framework called PS1Bot. Active since early 2025, this sophisticated…...
Bybit Hack Traced to Safe{Wallet} Supply Chain Attack Exploited by North Korean Hackers
The U.S. Federal Bureau of Investigation FBI formally linked the record-breaking $1.5 billion Bybit hack to North Korean threat actors, as the company's CEO Ben Zhou declared a "war against Lazarus." The agency said the Democratic People's Republic of Korea North Korea was responsible for the the...
Malicious code in py-infohydrarandom (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 8b33f80b0693f39c98c339be819a9518bedd56077b20c5e5ac8b71e703de101c EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...
Malicious code in esqpeprandpaypal (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx aea048ba013f7ce939059d9531409ed96c93631c646b24bd3ac9e6d2f3a6cb29 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...
Malicious code in esqhackedlgtbpip (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx bd6276a4e7765be4133f2dac570d7dff2ee5d840441edb46e0de688f805a7a05 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...
Malicious code in py-getcvad (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx cebf11d302a9bc2aa93fb73cde128f8d3de9ff1ddc223609ec865396ab72bdfc EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...
Malicious code in selfpostponghydra (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx b35814d9a292db45a0a768460ad351988403c29893f7487f2bc87b3d01d30f43 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...
Malicious code in libencodeultrainfo (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 784672c439827c688d501aef7c51cd613a8c829999a1107d168f32edb7962ad2 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...
Malicious code in selfsuperramvirtual (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 59deb0cb03101a4548020b0c9060e266ba9cd15cca7c25833daa9c8327fd3d47 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...
Malicious code in esqpygamevirtual (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 034b0cd7c8ffec4b11c742e85a98ee30bc722d0014314e3cdb79f09b7bd9b021 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...
Malicious code in selfliburlvirtual (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 128582fd9f4fb150e476ede9383751bd8417fd31bb152e4d258408968b3a0742 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...
Malicious code in esqlgtbguistr (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 03e05eee9d71ba1e87c875c37a4d12eb52e07296554bf0ef2619143ac5e647ef EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...