MAL-2025-41296 Malicious code in heft-web-rig-library-tutorial (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 5305ed5a8b702f1ebff37fd77c6a498586782cc76fa0f351f18c6ad13efdd194 The OpenSSF Package Analysis project identified 'heft-web-rig-library-tutorial' @ 99.0.9 npm as malicious. It is considered malicious because: -...

MAL-2025-37183 Malicious code in trello-power-up-tutorial-part-one (npm)

The package trello-power-up-tutorial-part-one was found to contain malicious code...

Malicious code in trello-power-up-tutorial-part-one (npm)

The package trello-power-up-tutorial-part-one was found to contain malicious code...

MAL-2025-6742 Malicious code in node-sqlite-fly-tutorial (npm)

The package communicates with a domain associated with malicious activity...

Malicious code in node-sqlite-fly-tutorial (npm)

The package communicates with a domain associated with malicious activity...

CVE-2025-34095

An OS command injection exists in Real Time Logic Mako Server v2.5 and v2.6 via the examples/save.lsp tutorial interface. An unauthenticated attacker can send a crafted PUT request containing arbitrary Lua os.execute() code, which is persisted on disk and later executed when a GET is issued to ex...

Using Signal Groups for Activism

Good tutorial by Micah Lee. It includes some nonobvious use cases...

MAL-2025-5733 Malicious code in tickets-tutorial (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c9377af3ff9889209078306e2ccd858a9c161cb6aaa6f315d355fd1d797abe26 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in tickets-tutorial (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c9377af3ff9889209078306e2ccd858a9c161cb6aaa6f315d355fd1d797abe26 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

welpwn

Introduction Pwnning is an art. welpwn is designed to make pwnning an art, freeing you from dozens of meaningless jobs. Features - Automatically get those magic values for you. - libc address - heap address - stack address - program address with PIE - canary - Support multi glibc debugging. - 2.1...

Commitment Schemes for Multi-Party Computation

The paper presents an analysis of Commitment Schemes CSs used in Multi-Party Computation MPC protocols. While the individual properties of CSs and the guarantees offered by MPC have been widely studied in isolation, their interrelation in concrete protocols and applications remains mostly...

MAL-2025-2867 Malicious code in cloudflare-vite-tutorial (npm)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in cloudflare-vite-tutorial (npm)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in cortex-app-tutorial (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bc169aa56cb76eac4f5dab88f9b4a5d3293c0c051fd7f47b13891d7adfc43d7a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-2499 Malicious code in cortex-app-tutorial (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bc169aa56cb76eac4f5dab88f9b4a5d3293c0c051fd7f47b13891d7adfc43d7a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

This Week in Sprng - March 11th, 2025

Hi, Spring fans! Welcome to another installment of This Week in Spring! It's a busy week as always, fresh off the rush that was Devnexus and busily preparing for the fun that is JavaOne! It's going to be epic! want to learn about dependency injection, auto-configuration, Spring Framework, Spring...

Malicious code in aem-headless-advanced-tutorial-wknd-app (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1fb0b752510b8d479c92185f2871183cd1bbd1ef4d7507d43ccd130c3fd24e1c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Autodesk: Stored XSS in AREA tutorials

A stored cross-site scripting XSS vulnerability was discovered in the AREA tutorials feature. The vulnerability could have allowed an attacker to inject malicious JavaScript code when publishing a tutorial. The vulnerability was reported and fixed by Autodesk...

This Week in Spring - February 11th, 2025

Hi, Spring fans! It's almost Valentine's day, and let me just say: I love the Spring community! It's such an exciting and interesting place to be. Thank you everyone for all that you do. I'm busy preparing for ConFoo, in Montreal, Canada, and for Devnexus, in Atlanta, Georgia. If you're around be...

MAL-2025-1107 Malicious code in deep-links-movie-tutorial (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 34a840de253ee6e7e6e03231c495a2d90bdaf338bf107fba5ed290ed21136e8d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...