Malicious code in javascript-yaml (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security d83c3b506a10b770a8c1f98d280262478cccc65708bb1066a72e0708dccaaf75 This malicious package is part the IronWorm campaign. This campaign executes a malicious binary payload during installation via a preinsta...

Detecting Trojaned DNNs Via Spectral Regression Analysis

Modern DNNs are repeatedly fine-tuned to incorporate new data and functionality. This evolutionary workflow introduces a security risk when updated data cannot be fully trusted, as adversaries may implant Trojans during fine-tuning. We present MIST, a Trojan detection approach that analyzes how a...

MAL-2026-4769 Malicious code in soundsource (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e3285c5fec24c01c9c463e85c199934f5a08da7e94277583430a6e3feb274add The package's source distribution contains Token.txt at the tarball root holding a live PyPI API token prefix pypi-AgEIcHlwaS5vcmc.... Anyone who...

NGate Campaign Targets Brazil, Trojanizes HandyPay to Steal NFC Data and PINs

Cybersecurity researchers have discovered a new iteration of an Android malware family called NGate that has been found to abuse a legitimate application called HandyPay instead of NFCGate. "The threat actors took the app, which is used to relay NFC data, and patched it with malicious code that...

Backdoor in Notepad++

Hackers associated with the Chinese government used a Trojaned version of Notepad++ to deliver malware to selected users. Notepad++ said that officials with the unnamed provider hosting the update infrastructure consulted with incident responders and found that it remained compromised until...

CVE-2025-66476

An uncontrolled search-path vulnerability in Vim for Microsoft Windows allows an attacker who can place a trojanized executable in a directory opened by the user to cause Vim to run that executable when Vim invokes external commands for example :grep, :!, filters !, :make, or system in Vimscript...

Trojaned Windows Installer Targets Ukraine

Mandiant is reporting on a trojaned Windows installer that targets Ukrainian users. The installer was left on various torrent sites, presumably ensnaring people downloading pirated copies of the operating system: Mandiant uncovered a socially engineered supply chain operation focused on Ukrainian...

MS Windows 2000/NT 4 DLL Search Path Weakness

No description provided by source. source: http://www.securityfocus.com/bid/1699/info When a program executes under Microsoft Windows, it may require additional code stored in DLL library files. These files are dynamically located at run time, and loaded if necessary. A weakness exists in the...

QNX RTOS 6.2 Application Packager Non-Explicit Path Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6146/info A vulnerability has been discovered in an application packager shipped with QNX RTOS. It should be noted that the vulnerable packager is installed setuid root by default. It has been reported that the packager...

Hacked DNS Servers Used in Cdorked Malware Campaign

The attack that employed compromised Apache Web server binaries is turning out to be more complex than originally thought, as researchers now have found that the attackers also are using Trojaned Nginx and Lighttpd binaries as part of the campaign. More concerning, though, is the possibility that...

SSHD libkeyutils Backdoor

The remote host appears to contain a trojaned libkeyutils library. The trojaned library links to SSHD, steals credentials, and sends spam. TRUSTED...

Piwik core/Loader.php Trojaned Distribution

The version of Piwik installed on the remote web server contains a trojaned backdoor, and allows the execution of arbitrary PHP code subject to the privileges under which the web server operates. It is likely to have been installed from a copy of the file 'latest.zip' downloaded from the project'...

Google Begins Security Review Process for Android Apps

After a couple of years of seeing headlines announcing a steady stream of pieces of malware and trojaned apps appearing the Android Market, Google finally has taken steps to find and remove malicious apps from the market automatically. The company has unveiled a service called Bouncer that scans...

New Mac Malware Variants Found in Trojaned Apps Are Stealing Data

Researchers have discovered a series of variants of the DevilRobber Mac OS X Trojan that have a menu of different capabilities, depending upon the strain, and can not only mine Bitcoins using the infected machine’s processing power, but also steals files, installs a Web proxy and may steal the...

Phisher-On-Phisher Crime Surfaces Via Trojaned Auto-Whaler Tool

It’s a sad day when attackers turn on each other, cannibalizing one another for cheap thrills and easy profits. But that’s the situation now, as phishers have begun going after the weakest among their kind: the lazy, unmotivated wannabe phisher with no skills. Researchers at GFI Labs have stumble...

Malware and Spam Campaigns Related to Bin Laden Not Finding Many Takers

As has become their custom, attackers and malware authors jumped on the death of Osama Bin Laden Monday, using black hat SEO, Facebook scams and Twitter spam. However, unlike other recent major news events, the attempts to lure people into clicking on malicious links or downloading Trojaned files...

ProFTPD Compromised Source Packages Trojaned Distribution

The remote host is using ProFTPD, a free FTP server for Unix and Linux. The version of ProFTPD installed on the remote host has been compiled with a backdoor in 'src/help.c', apparently related to a compromise of the main distribution server for the ProFTPD project on the 28th of November 2010...

BIND 9.5.0-P2 - 'Randomized Ports' Remote DNS Cache Poisoning

Successfully poisoned the latest BIND with fully randomized ports! Exploit required to send more than 130 thousand of requests for the fake records like 131737-4795-15081.blah.com to be able to match port and ID and insert poisoned entry for the poisoneddns.blah.com. dig @localhost www.blah.com...

Panda Antivirus 2008 Local Privilege Escalation Exploit

No description provided by source. / Security Advisory Severity: Medium Title: Panda Antivirus 2008 Local Privileg Escalation Date: 02.08.07 Author: tarkus tarkus at tiifp dot org URL: https://tiifp.org/tarkus Vendor: Panda http://www.pandasoftware.com/...

Panda Antivirus 2008 Local Privileg Escalation (UPS they did it again)

Security Advisory Severity: Medium Title: Panda Antivirus 2008 Local Privileg Escalation Date: 02.08.07 Author: tarkus tarkus at tiifp dot org URL: https://tiifp.org/tarkus Vendor: Panda http://www.pandasoftware.com/ Affected Products: Panda Antivirus 2008 Not Affected Products: - Panda...