The Agentic Security Crisis: Why You Need to Act Now
...
Watch out for tax-season robocalls pushing fake “relief programs”
While Americans are sorting through paperwork to get their taxes filed in time, scammers are working overtime to grab a piece of the action. As tax season ramps up, so does scam activity. Our telemetry shows a spike in robocalls impersonating tax resolution firms, tax relief agencies, and vaguely...
EUVD-2022-7298
Malicious code in bioql PyPI...
EUVD-2024-27957
Malicious code in bioql PyPI...
s1ngularity: supply chain attack leaks secrets on GitHub: everything you need to know
Detect and mitigate a critical supply chain compromise affecting the Nx NPM Package. Organizations should act urgently...
MAL-2025-6359 Malicious code in cookie-logger (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5c94db01436156d78a21b41d74cf372b4e12f89a2480b8986397309b1c4165b1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-5883 Malicious code in @web-kit-package/grab-login (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b40f792f041cb54fd538d312324aefe4be963bdebc3734132184a9c3b4c875fa Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-5664 Malicious code in ai-guide (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 344da047769642e93f7d727b850c547fe9be2272daef99e44ef3f7c9b0f4bc77 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-5671 Malicious code in berrynet (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8f54dd403bf9ea745a960f5acd6f5119e6a874444ab0bfae5660880850cebea4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2025-1478
Removed by vendor...
MAL-2025-4673 Malicious code in @sasmeee/gamble (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c87f47f35d7c73fd035a897353adf49aa127f906c05e5bb8ffa791b9465d8f71 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-4518 Malicious code in vite-plugin-style-svg (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0a088c782de4d11381b6ebcd1c8b473f9d44157fc43c0e1cf01d289370f67c1c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Leantime has Insufficiently Protected Credentials
Due to improper cache control an attacker can view sensitive information even if they are not logged into the account anymore. Additional Information: 1. The issue was identified during routine security testing. 2. This vulnerability poses a significant risk to user privacy and data security...
PT-2025-6235 · Undefined · Undefined
Name of the Vulnerable Software and Affected Versions: No information is available about the vulnerable software and its affected versions. Description: The issue is related to a rejected reason, but specific details about the problem are not provided. There is a mention of not waiting for...
PT-2024-25272 · Undefined · Undefined
Name of the Vulnerable Software and Affected Versions: No information is available about the vulnerable software and its affected versions. Description: A vulnerability has been identified, but details are scarce. There is a mention of not waiting for vulnerability scanning results, indicating...
CVE-2024-8233
Removed by vendor...
MAL-2024-11764 Malicious code in plugin-proposal-json-strings (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c11469c014eaf5720410613f78c79dd6cd0aa28aca6fd52a0152441fb13b242e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-11279 Malicious code in @saleswhale/barnacle (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-10920 Malicious code in conibase (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e70af172c9db7c1934d326429c7bc63ed721d3934ada0d8197542fb231535fec Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
OneDrive Pastejacking
OneDrive Pastejacking: The crafty phishing and downloader campaign By Rafael Pena · July 29, 2024 Over the past few weeks, the Trellix Advanced Research Center has observed a sophisticated Phishing/downloader campaign targeting Microsoft OneDrive users. This campaign heavily relies on social...