9 matches found
MAL-2026-5137 Malicious code in @redhat-cloud-services/frontend-components-translations (npm)
Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...
Embedded Malicious Code
Overview: Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
Embedded Malicious Code
Overview: mistralai is a Mistral Python Client. Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack...
MAL-2025-191178 Malicious code in @actbase/native (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 328d7b0db77bbbc8012f6aee1eec6c2c15d1fec187573be00958308bceaf3b13 The package @actbase/native was found to contain malicious code. Source: ghsa-malware eb78c3f4eb3df2581ae53c6b6c46aa1d14c7a6027fa4f248b1e2b15763763ed...
MAL-2025-47272 Malicious code in @teselagen/bounce-loader (npm)
The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f2f86497a8f8ebd289f9296f0d154c87fd2429bdf4fc8de97c6b1684ed3b9aaa Any computer that has this package installed or running should be considered fully compromised. All...
‘Call of Duty: Modern Warfare 2’ Players Hit With Worm Malware
Plus: Russia tightens social media censorship, new cyberattack reporting rules for US companies, and Google Street View returns to Germany...
Digging Deeper – An In-Depth Analysis of a Fast Flux Network
Fast Flux is a DNS technique used by botnets to hide various types of malicious activities, such as phishing, web proxying, malware delivery, and malware communication, behind an ever-changing network of compromised hosts acting as proxies. The Fast Flux network concept was first introduced in...
Microsoft works with researchers to detect and protect against new RDP exploits
On November 2, 2019, security researcher Kevin Beaumont reported that his BlueKeep honeypot experienced crashes and was likely being exploited. Microsoft security researchers collaborated with Beaumont as well as another researcher, Marcus Hutchins, to investigate and analyze the crashes and...
Let's analyze the newly patched RDP vulnerability together, CVE-2019-0708 - vulnerability warning - the black bar safety net
Foreword: In its vulnerability update security bulletin in May this year, Microsoft mentioned a vulnerability in the Remote Desktop Protocol (RDP). The reason we are analyzing this vulnerability specifically is that the update relates t...