1197 matches found
MAL-2026-4348 Malicious code in api-rs-node (npm)
A campaign of npm packages sharing a common dropper clob.js that downloads and persistently installs a Windows executable from IPFS on postinstall. The dropper fetches the binary from IPFS CID bafybeif3zkapj364ofnrvbty7oj5h5ufpxlp4s62usk3ulxrru35e3gssa via multiple public gateways Pinata,...
Malicious code in clobprice.api (npm)
A campaign of npm packages sharing a common dropper clob.js that downloads and persistently installs a Windows executable from IPFS on postinstall. The dropper fetches the binary from IPFS CID bafybeif3zkapj364ofnrvbty7oj5h5ufpxlp4s62usk3ulxrru35e3gssa via multiple public gateways Pinata,...
MAL-2026-4350 Malicious code in clobprice.api (npm)
A campaign of npm packages sharing a common dropper clob.js that downloads and persistently installs a Windows executable from IPFS on postinstall. The dropper fetches the binary from IPFS CID bafybeif3zkapj364ofnrvbty7oj5h5ufpxlp4s62usk3ulxrru35e3gssa via multiple public gateways Pinata,...
Malicious code in clob.api (npm)
A campaign of npm packages sharing a common dropper clob.js that downloads and persistently installs a Windows executable from IPFS on postinstall. The dropper fetches the binary from IPFS CID bafybeif3zkapj364ofnrvbty7oj5h5ufpxlp4s62usk3ulxrru35e3gssa via multiple public gateways Pinata,...
MAL-2026-4349 Malicious code in clob.api (npm)
A campaign of npm packages sharing a common dropper clob.js that downloads and persistently installs a Windows executable from IPFS on postinstall. The dropper fetches the binary from IPFS CID bafybeif3zkapj364ofnrvbty7oj5h5ufpxlp4s62usk3ulxrru35e3gssa via multiple public gateways Pinata,...
MAL-2026-4347 Malicious code in @devcarron/clob (npm)
A campaign of npm packages sharing a common dropper clob.js that downloads and persistently installs a Windows executable from IPFS on postinstall. The dropper fetches the binary from IPFS CID bafybeif3zkapj364ofnrvbty7oj5h5ufpxlp4s62usk3ulxrru35e3gssa via multiple public gateways Pinata,...
PT-2026-37152
Name of the Vulnerable Software and Affected Versions i18nextify versions prior to 4.0.8 Description The software substitutes key interpolation tokens within src and href attribute values using the raw string from i18next.t. The substitution logic in the replaceInside handler within src/localize....
Fake Claude site installs malware that gives attackers access to your computer
Claude’s rapid growth—nearly 290 million web visits per month—has made it an attractive target for attackers, and this campaign shows how easy it is to fall for a fake site. We discovered a fake website impersonating Anthropic’s Claude to serve a trojanized installer. The domain mimics Claude's...
CVE-2026-39315
Unhead (document head/template manager) contains a vulnerability in useHeadSafe() where hasDangerousProtocol() decodes HTML entities before blocked-scheme checks. The decoder uses two fixed-width regexes; HTML5 allows leading zeros in numeric character references, and when a padded entity exceeds...
CVE-2026-39315 Unhead has a hasDangerousProtocol() bypass via leading-zero padded HTML entities in useHeadSafe()
Unhead is a document head and template manager. Prior to 2.1.13, useHeadSafe is the composable that Nuxt's own documentation explicitly recommends for rendering user-supplied content in safely. Internally, the hasDangerousProtocol function in packages/unhead/src/plugins/safe.ts decodes HTML...
Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner
An ongoing phishing campaign is targeting French-speaking corporate environments with fake resumes that lead to the deployment of cryptocurrency miners and information stealers. "The campaign uses highly obfuscated VBScript files disguised as resume/CV documents, delivered through phishing emails...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS when handling URLs in links, where schemes such as javascript, vbscript and data can be used. An attacker can execute arbitrary scripts in the context of the user's browser by enticing a user to click on a craft...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS when handling URLs in links, where schemes such as javascript, vbscript and data can be used. An attacker can execute arbitrary scripts in the context of the user's browser by enticing a user to click on a craft...
Google Uncovers PROMPTFLUX Malware That Uses Gemini AI to Rewrite Its Code Hourly
Google on Wednesday said it discovered an unknown threat actor using an experimental Visual Basic Script VB Script malware dubbed PROMPTFLUX that interacts with its Gemini artificial intelligence AI model API to write its own source code for improved obfuscation and evasion. "PROMPTFLUX is writte...
EUVD-2019-10042
Malware in sbrugna...
EUVD-2020-2318
Malware in sbrugna...
EUVD-2017-5294
Malware in sbrugna...
EUVD-2019-9947
Malware in sbrugna...
EUVD-2019-1426
Malware in sbrugna...
EUVD-2019-9805
Malware in sbrugna...