#ssh

Waltham, United States, 17th September 2025, CyberNewsWire

At least 187 code packages made available through the JavaScript repository NPM have been infected with a self-replicating worm that steals credentials from developers and publishes those secrets on GitHub, experts warn. The malware, which briefly infected multiple code packages from the security vendor CrowdStrike, steals and publishes even more credentials every time an infected package is installed.

ShinyHunters reportedly hacked Kering, exposing Gucci, Balenciaga and Alexander McQueen customer data, raising risks of scams and spear…

A team of academics from ETH Zürich and Google has discovered a new variant of a RowHammer attack targeting Double Data Rate 5 (DDR5) memory chips from South Korean semiconductor vendor SK Hynix. The RowHammer attack variant, codenamed Phoenix (CVE-2025-6202, CVSS score: 7.1), is capable of bypassing sophisticated protection mechanisms put in place to resist the attack. "We have proven that

China-linked AI tool Villager, published on PyPI, automates cyberattacks and has got experts worried after 10,000 downloads in…

A new artificial intelligence (AI)-powered penetration testing tool linked to a China-based company has attracted nearly 11,000 downloads on the Python Package Index (PyPI) repository, raising concerns that it could be repurposed by cybercriminals for malicious purposes. Dubbed Villager, the framework is assessed to be the work of Cyberspike, which has positioned the tools as a red teaming

### Summary The extractall function ```zip_file.extractall(output_dir)``` is used directly to process compressed files. It is used in many places in the project. When the Zip file containing malicious content is decompressed, it will overwrite the system files. In addition, the project allows the download of the zip content through the link, which increases the scope of exploitation of this vulnerability. When reproducing locally, follow the process below to create a malicious zip file and simulate the process of remotely downloading the zip file. ``` root@autodl-container-a53c499c18-c5ca272d:~/autodl-tmp/mmm# mkdir -p test_bundle root@autodl-container-a53c499c18-c5ca272d:~/autodl-tmp/mmm# echo "malicious content" > test_bundle/malicious.txt root@autodl-container-a53c499c18-c5ca272d:~/autodl-tmp/mmm# cd test_bundle root@autodl-container-a53c499c18-c5ca272d:~/autodl-tmp/mmm/test_bundle# zip -r ../malicious.zip . ../../../../../../etc/passwd adding: malicious.txt (stored 0%) addi...

Cybersecurity researchers have discovered a variant of a recently disclosed campaign that abuses the TOR network for cryptojacking attacks targeting exposed Docker APIs. Akamai, which discovered the latest activity last month, said it's designed to block other actors from accessing the Docker API from the internet. The findings build on a prior report from Trend Micro in late June 2025, which

At least 18 popular JavaScript code packages that are collectively downloaded more than two billion times each week were briefly compromised with malicious software today, after a developer involved in maintaining the projects was phished. The attack appears to have been quickly contained and was narrowly focused on stealing cryptocurrency. But experts warn that a similar attack with a slightly more nefarious payload could quickly lead to a disruptive malware outbreak that is far more difficult to detect and restrain.

# Summary pREST provides a simple way for users to expose access their database via a REST-full API. The project is implemented using the Go programming language and is designed to expose access to Postgres database tables. During an independent review of the project, Doyensec engineers found that SQL injection is a systemic problem in the current implementation (version `v2.0.0-rc2`). Even though there are several instances of attempts to sanitize user input and mitigate injection attempts, we have found that on most code-paths, the protection is faulty or non-existent. ## Core Endpoints The main functionality providing REST operations on the data stored in the Postgres database is exposed via the following endpoints: - `GET /{database}/{schema}/{table}` - `POST /{database}/{schema}/{table}` - `PUT|PATCH /{database}/{schema}/{table}` - `DELETE /{database}/{schema}/{table}` Handlers for the above endpoints execute very similar logic. At a high-level they: 1. Perform authenticati...