Malicious Package

Overview @cat-ai/assistant-component is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

Malicious Package

Overview react-device-plugin is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

How to Set Up and Use a Burner Phone

Obtaining and using a true burner phone is hard—but not impossible. Here are the steps you need to take to protect your mobile communications based on the risks you face...

Malicious Package

Overview oci-console-plugin-registry is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...

Malicious Package

Overview internallibv819 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious Package

Overview json-rules-engine-examples is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

Malicious Package

Overview @navancorp/ta-travel is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious Package

Overview @navancorp/ta-fe-components is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

Malicious Package

Overview @exarad/verfuegbarkeitspruefung-vue2 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization a...

Malicious code in test-mlw2-cleat-using (npm)

The package test-mlw2-cleat-using was found to contain malicious code...

MAL-2025-34715 Malicious code in tent-using-western (npm)

The package tent-using-western was found to contain malicious code...

Malicious code in tent-using-western (npm)

The package tent-using-western was found to contain malicious code...

Malicious Package

Overview vite-postcss-kit is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

TP-Link Archer C1200 vulnerable to clickjacking

Overview Archer C1200 provided by TP-Link Systems Inc. contains the following vulnerability. Clickjacking CWE-1021 - CVE-2025-6983 Daimon Kawashima reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact If a user...

GHSA-CWWM-HR97-QFXM SpiceDB checks involving relations with caveats can result in no permission when permission is expected

Impact On schemas involving arrows with caveats on the arrow’ed relation, when the path to resolve a CheckPermission request involves the evaluation of multiple caveated branches, requests may return a negative response when a positive response is expected. For example, given this schema:...

A Survey on the Safety and Security Threats of Computer-Using Agents: JARVIS or Ultron?

Recently, AI-driven interactions with computing devices have advanced from basic prototype tools to sophisticated, LLM-based systems that emulate human-like operations in graphical user interfaces. We are now witnessing the emergence of \emphComputer-Using Agents CUAs, capable of autonomously...

CVE-2024-23597

Cross-site request forgery CSRF vulnerability exists in TvRock 0.9t8a. If a logged-in user of TVRock accesses a specially crafted page, unintended operations may be performed. Note that the developer was unreachable, therefore, users should consider stop using TvRock 0.9t8a...

Embedded Malicious Code

Overview cdn-icon-fetcher-help is a Malicious package. Affected versions of this package are vulnerable to Embedded Malicious Code. Once this package is installed and executed, it downloads a Javascript file from a cdn-static-seven.vercel.app URL, which appears to be an image hosting site. Howeve...

PT-2025-5087 · Unknown · Wm Options Import Export

Name of the Vulnerable Software and Affected Versions: WM Options Import Export versions 1.0.1 and earlier Description: The issue allows for the retrieval of embedded sensitive data due to the insertion of sensitive information into sent data. This can potentially expose confidential information...