Malicious code in @nolimit-x/win32-x64 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 343787b335da015be56f49d118534c54bf81abab9e53b40bec0114d23bcc95c7 Package ships a single 8.1 MB Windows PE nolimit-core.exe as its main entry with only the description 'nolimit-x native binary for Windows x64' — no...

MAL-2026-4408 Malicious code in @nolimit-x/win32-x64 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 343787b335da015be56f49d118534c54bf81abab9e53b40bec0114d23bcc95c7 Package ships a single 8.1 MB Windows PE nolimit-core.exe as its main entry with only the description 'nolimit-x native binary for Windows x64' — no...

Malicious code in @bonsai-ai/claude-code-win32-x64 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d6591be3fe5d0b37196562035353367d96a2bb1390d8f0f4dae3c5abbfd927f6 Package is published under the @bonsai-ai scope but impersonates Anthropic's official @anthropic-ai/claude-code-win32-x64 platform package...

MAL-2026-4371 Malicious code in @bonsai-ai/claude-code-win32-x64 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d6591be3fe5d0b37196562035353367d96a2bb1390d8f0f4dae3c5abbfd927f6 Package is published under the @bonsai-ai scope but impersonates Anthropic's official @anthropic-ai/claude-code-win32-x64 platform package...

GlassWorm Campaign Uses Zig Dropper to Infect Multiple Developer IDEs

Cybersecurity researchers have flagged yet another evolution of the ongoing GlassWorm campaign, which employs a new Zig dropper that's designed to stealthily infect all integrated development environments IDEs on a developer's machine. The technique has been discovered in an Open VSX extension...

HTTP Fetch, Bind TCP Stager (Windows x86)

Fetch and execute an x86 payload from an HTTP server. Listen for a connection Windows x86 Module Options msf use payload/cmd/windows/http/x86/patchupdllinject/bindtcp msf payloadbindtcp show actions ...actions... msf payloadbindtcp set ACTION msf payloadbindtcp show options ...show and set...

Malicious code in @postman/pm-bin-windows-x64 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 02ae17f856e11e19fc956689bbc3e88c8de0052e0ea1017d2048d92f20bfa91b The package @postman/pm-bin-windows-x64 was found to contain malicious code. Source: google-open-source-security...

EUVD-2020-26588

Malware in sbrugna...

OneClik Red Team Campaign Targets Energy Sector Using Microsoft ClickOnce and Golang Backdoors

Cybersecurity researchers have detailed a new campaign dubbed OneClik that leverages Microsoft's ClickOnce software deployment technology and bespoke Golang backdoors to compromise organizations within the energy, oil, and gas sectors. "The campaign exhibits characteristics aligned with...

CVE-2021-21292

Traccar is an open source GPS tracking system. In Traccar before version 4.12 there is an unquoted Windows binary path vulnerability. Only Windows versions are impacted. Attacker needs write access to the filesystem on the host machine. If Java path includes a space, then attacker can lift their...

Ollama Installed (Windows)

Binary data ollamawininstalled.nbin...

GoodAccess Installed (Windows)

Binary data goodaccesswininstalled.nbin...

NoMachine Installed (Windows)

Binary data nomachinewininstalled.nbin...

ISLOnline ISL Light Client Installed (Windows)

Binary data islonlineisllightclientwininstalled.nbin...

Adobe Substance 3D Stager Installed (Windows)

Binary data adobesubstance3dstagerwininstalled.nbin...

DuckDB Installed (Windows)

Binary data duckdbwininstalled.nbin...

PostgreSQL pgAdmin4 Installed (Windows)

Binary data postgresqlpgadmin4wininstalled.nbin...

Cybercriminals Abuse Stack Overflow to Promote Malicious Python Package

Cybersecurity researchers have warned of a new malicious Python package that has been discovered in the Python Package Index PyPI repository to facilitate cryptocurrency theft as part of a broader campaign. The package in question is pytoileur, which has been downloaded 316 times as of writing...

Cross site scripting

Creditcoin is a network that enables cross-blockchain credit transactions. The Windows binary of the Creditcoin node loads a suite of DLLs provided by Microsoft at startup. If a malicious user has access to overwrite the program files directory it is possible to replace these DLLs and execute...

PT-2024-19401 · Unknown · Creditcoin

Name of the Vulnerable Software and Affected Versions: Creditcoin affected versions not specified Description: The issue concerns the Windows binary of the Creditcoin node, which loads a suite of DLLs provided by Microsoft at startup. If a malicious user has access to overwrite the program files...