MAL-2026-4347 Malicious code in @devcarron/clob (npm)

A campaign of npm packages sharing a common dropper clob.js that downloads and persistently installs a Windows executable from IPFS on postinstall. The dropper fetches the binary from IPFS CID bafybeif3zkapj364ofnrvbty7oj5h5ufpxlp4s62usk3ulxrru35e3gssa via multiple public gateways Pinata,...

MAL-2026-3769 Malicious code in prettier-lint-lenz (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 28f7035dda69170600724a31f4b3543e02ac23c9153f3a62c35f2ee5264eef44 Package impersonates the popular prettier formatter — README and description are copied verbatim from the real Prettier project, but the package ship...

Windows Persistence via UserInitMprLogonScript Registry Key

This Python script demonstrates a Windows persistence technique based on modifying the HKCU\Environment\UserInitMprLogonScript registry value, which allows execution of a program each time the user logs in...

Windows Persistence Bits Job

This module establishes persistence through a BITS job that downloads and executes a payload. Background Intelligent Transfer Service BITS is a Windows service for transferring files in the background using idle network bandwidth. BITS jobs are persistent and will resume across reboots until...

Windows Persistence via UserInitMprLogonScript

This module establishes persistence by setting the UserInitMprLogonScript value in HKCU\Environment. During user logon, userinit.exe checks this value and executes the specified command or binary. The module writes a payload executable to disk and points UserInitMprLogonScript to that payload...

Windows Persistence Via UserInitMprLogonScript

This Metasploit module establishes persistence by setting the UserInitMprLogonScript value in HKCU\Environment. During user logon, userinit.exe checks this value and executes the specified command or binary. The module writes a payload executable to disk and points UserInitMprLogonScript to that...

Embedded Malicious Code

Overview telnyx is a library that provides convenient access to the Telnyx REST API from any Python 3.9+ application. The library includes type definitions for all request params and response fields, and offers both synchronous and asynchronous clients powered by httpx. Affected versions of this...

Windows Persistent Service Installer

This Module will generate and upload an executable to a remote host. It will create a new service which will start the payload whenever the service is running. Admin or system privilege is required. Module Options msf use exploit/windows/persistence/service msf exploitservice show targets...

Windows Silent Process Exit Persistence

Windows allows you to set up a debug process when a process exits. This module uploads a payload and declares that it is the debug process to launch when a specified process exits. Module Options msf use exploit/windows/persistence/imageexecoptions msf exploitimageexecoptions show targets...

Latrodectus Malware Loader Emerges as IcedID's Successor in Phishing Campaigns

Cybersecurity researchers have observed a spike in email phishing campaigns starting early March 2024 that delivers Latrodectus, a nascent malware loader believed to be the successor to the IcedID malware. "These campaigns typically involve a recognizable infection chain involving oversized...

PowerSharpPack - Many usefull offensive CSharp Projects wraped into Powershell for easy usage

Many usefull offensive CSharp Projects wraped into Powershell for easy usage. Why? In my personal opinion offensive Powershell is not dead because of AMSI, Script-block-logging, Constrained Language Mode or other protection features. Any of these mechanisms can be bypassed. Since most new...