Tag: nordwest

security

Cross-Platform NPM Stealer, (Fri, May 22nd)

22.05.2026

I found a Node.js stealer that looked pretty well obfuscated. The file was not running out-of-the-box because it was uploaded on VT as “extracted-decoded.js” (and reformated). The SHA256 is 049300aa5dd774d6c984779a0570f59610399c71864b5d5c2605906db46ddeb9[1]. It did not run properly in a sandbox so only a static analysis was performed.

Mehr lesen →
soc

CVE-2026-26956: vm2 Sandbox Escape Enables Host RCE in Node.js 25

07.05.2026

CVE-2026-26956: vm2 Sandbox Escape Enables Host RCE in Node.js 25 CVE-2026-Adresse geschuetzt.js sandbox library vm2. In vm2 3.10.4, attacker-controlled JavaScript executed through VM.run() can break out of the sandbox and reach the host process object, leading to arbitrary code execution (RCE) in the host Node.js process. This post […]

Mehr lesen →