CVE-2026-8879

Version 3.0.7 of the Securly Chrome Extension dynamically registers content13.min.js as a content script via chrome.scripting.registerContentScripts at runtime. This script is NOT declared in manifest.json and bypasses Chrome Web Store static security review. It runs on all URLs and immediately...

CVE-2026-8879

CVE-2026-8879 affects the Securly Chrome Extension (v3.0.7). It dynamically registers content13.min.js as a content script at runtime via chrome.scripting.registerContentScripts(), bypassing manifest.json and the Chrome Web Store review. The script runs on all URLs, hides page content, displays a...

PT-2026-46051

Version 3.0.7 of the Securly Chrome Extension dynamically registers content13.min.js as a content script via chrome.scripting.registerContentScripts at runtime. This script is NOT declared in manifest.json and bypasses Chrome Web Store static security review. It runs on all URLs and immediately...

How to find and remove credential-stealing Chrome extensions

Researchers have found yet another family of malicious extensions in the Chrome Web Store. This time, 30 different Chrome extensions were found stealing credentials from more than 260,000 users. The extensions rendered a full-screen iframe pointing to a remote domain. This iframe overlaid the...

New Clickfix variant ‘CrashFix’ deploying Python Remote Access Trojan

In January 2026, Microsoft Defender Experts identified a new evolution in the ongoing ClickFix campaign. This updated tactic deliberately crashes victims’ browsers and then attempts to lure users into executing malicious commands under the pretext of restoring normal functionality. This variant...

New Clickfix variant ‘CrashFix’ deploying Python Remote Access Trojan

In January 2026, Microsoft Defender Experts identified a new evolution in the ongoing ClickFix campaign. This updated tactic deliberately crashes victims’ browsers and then attempts to lure users into executing malicious commands under the pretext of restoring normal functionality. This variant...

$6,000 “Stanley” Toolkit Sold on Russian Forums Fakes Secure URLs in Chrome

Say hello to Stanley, a new malicious toolkit that guarantees bypassing Google’s Chrome Web Store review process...

CampCodes Retro Basketball Shoes Online Store 跨站脚本漏洞

CampCodes Retro Basketball Shoes Online Store is an online store for retro basketball shoes from CampCodes, Inc. A code injection vulnerability exists in CampCodes Retro Basketball Shoes Online Store version 1.0, which stems from an incorrect manipulation of the parameter productname in the file...

EUVD-2013-0896

Malware in sbrugna...

EUVD-2016-2735

Malware in sbrugna...

EUVD-2025-13476

Malicious code in bioql PyPI...

CVE-2025-4314

A vulnerability has been found in SourceCodester Advanced Web Store 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/index.php. The manipulation of the argument txtLogin leads to sql injection. The attack can be launched remotely. The...

CVE-2025-4312

A vulnerability, which was classified as critical, has been found in SourceCodester Advanced Web Store 1.0. This issue affects some unknown processing of the file /productdetail.php. The manipulation of the argument prodid leads to sql injection. The attack may be initiated remotely. The exploit...

CVE-2025-4313

A vulnerability, which was classified as critical, was found in SourceCodester Advanced Web Store 1.0. Affected is an unknown function of the file /admin/adminaddnewproduct.php. The manipulation of the argument txtProdId leads to sql injection. It is possible to launch the attack remotely. The...

CVE-2025-4313

A vulnerability, which was classified as critical, was found in SourceCodester Advanced Web Store 1.0. Affected is an unknown function of the file /admin/adminaddnewproduct.php. The manipulation of the argument txtProdId leads to sql injection. It is possible to launch the attack remotely. The...

CVE-2025-4314

A vulnerability has been found in SourceCodester Advanced Web Store 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/index.php. The manipulation of the argument txtLogin leads to sql injection. The attack can be launched remotely. The...

CVE-2025-4314 SourceCodester Advanced Web Store index.php sql injection

A vulnerability has been found in SourceCodester Advanced Web Store 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/index.php. The manipulation of the argument txtLogin leads to sql injection. The attack can be launched remotely. The...

CVE-2025-4314 SourceCodester Advanced Web Store index.php sql injection

A vulnerability has been found in SourceCodester Advanced Web Store 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/index.php. The manipulation of the argument txtLogin leads to sql injection. The attack can be launched remotely. The...

CVE-2025-4314

CVE-2025-4314 affects SourceCodester Advanced Web Store 1.0. The vulnerability is an SQL injection in the admin/index.php file via the txtLogin parameter, arising from improper input handling. It is exploitable remotely and has been publicly disclosed. Documented impacts indicate potential compro...

CVE-2025-4313 SourceCodester Advanced Web Store admin_addnew_product.php sql injection

A vulnerability, which was classified as critical, was found in SourceCodester Advanced Web Store 1.0. Affected is an unknown function of the file /admin/adminaddnewproduct.php. The manipulation of the argument txtProdId leads to sql injection. It is possible to launch the attack remotely. The...