CVE-2025-34294

Wazuh's File Integrity Monitoring FIM, when configured with automatic threat removal, contains a time-of-check/time-of-use TOCTOU race condition that can allow a local, low-privileged attacker to cause the Wazuh service running as NT AUTHORITY\SYSTEM to delete attacker-controlled files or paths...

EUVD-2025-36535

Wazuh's File Integrity Monitoring FIM, when configured with automatic threat removal, contains a time-of-check/time-of-use TOCTOU race condition that can allow a local, low-privileged attacker to cause the Wazuh service running as NT AUTHORITY\SYSTEM to delete attacker-controlled files or paths...

CVE-2025-34294

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as the behavior originates from a documentation-published Active Response example script. Please refer to this advisory https://github.com/wazuh/wazuh-documentation/security/advisories/GHSA-46r5-xp98-fpgg...

CVE-2025-34294

This CVE entry is rejected/not used and does not represent an active vulnerability.

CVE-2025-34294

...

CVE-2025-34294

...

编号撤回

Wazuh File Integrity Monitoring is a file integrity monitoring software from Wazuh USA. A security vulnerability exists in Wazuh File Integrity Monitoring that stems from insufficient synchronization and inadequate final path validation in the threat removal workflow, which could lead to local...

PT-2025-44187

Name of the Vulnerable Software and Affected Versions Wazuh affected versions not specified Description A time-of-check/time-of-use TOCTOU race condition exists in the File Integrity Monitoring FIM component when automatic threat removal is enabled. This can allow a local, low-privileged attacker...

MAL-2025-6128 Malicious code in splice-pulumi-common-validator (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f14575bc2da7a355de468310839aa06cea1b89f21b60553520aacc0b5cd693ef Any computer that has this package installed or running should be considered...

MAL-2025-6002 Malicious code in rtp-rapyd (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c0a521f8592c35bef558ae1fd9a4f584f1365784b6f3254816e6db8f4592e453 Any computer that has this package installed or running should be considered...

Scammers Sneak 300+ Ad Fraud Apps onto Google Play with 60M Downloads

Google Play Store hit by 300+ fake Android apps, downloaded more than 60 million times pushing ad fraud and data theft. Learn how to spot and remove these threats...

MAL-2025-1457 Malicious code in yizhifabao63 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8e401203ed8c584cdb95319e5420fa866fc2bfc7c74af5da32079aec65289308 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malwarebytes crushes malware all the time

About a month ago, The PC Security Channel TPSC ran a test to check out the detection capabilities of Malwarebytes. They tested Malwarebytes by executing a repository of 2015 “malicious” files to see how many Malwarebytes would detect. This YouTube video shows how a script executes the files and...

MAL-2024-627 Malicious code in wlwz-2312-5007 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5ce422b0b38894bcf0dd28be9844ac7653f6c5884543e4736fbeb834d17c8fd6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...