MAL-2026-5572 Malicious code in sendgrid-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 08f1d48bc557c6afa69c74455fe35f34ed0992082dc30fc09d032523d2329f63 Package impersonates the official SendGrid npm packages @sendgrid/ but ships no SDK functionality — index.js exports an empty object. Its sole purpos...

vpn_exploitation_tool

AD + Citrix VPN Data Harvester Modular Java tool for testing...

VulnCheck KEV: CVE-2024-50570

A Cleartext Storage of Sensitive Information vulnerability CWE-312 in FortiClientWindows 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13 and FortiClientLinux 7.4.0 through 7.4.2, 7.2.0 through 7.2.7, 7.0.0 through 7.0.13 may permit a local authenticated user to retrieve VPN...

SUSE CVE-2016-2342

The bgpnlriparsevpnv4 function in bgpmplsvpn.c in the VPNv4 NLRI parser in bgpd in Quagga before 1.0.20160309, when a certain VPNv4 configuration is used, relies on a Labeled-VPN SAFI routes-data length field during a data copy, which allows remote attackers to execute arbitrary code or cause a...

A week in security (October 10 - 16)

Last week on Malwarebytes Labs: Teen talk: What it's like to grow up online, and the role of parents: Lock and Code S03E21 White House unveils Blueprint for an AI Bill of Rights Credential stuffers take aim at Final Fantasy XIV players Meta accuses apps of stealing WhatsApp accounts Smart lights...

A week in security (March 1 – 7)

Last week on Malwarebytes Labs, our podcast featured Eva Galperin who talked to us about defending online anonymity and speech. We wrote about how Ryuk ransomware has developed a worm-like capability, how Exchange servers are attacked by Hafnium zero-days, 21 million free VPN users’ data was...