Bleeping Computer

New IronWorm malware hits 36 packages in npm supply-chain attack

A new supply-chain attack has infected 36 packages on the Node Package Manager (npm) index with infostealer malware called IronWorm. The malware targets 86 environment variables (key-value pairs) and ...

KnowledgeDeliver flaw exploited as a zero-day to install web shells

Hackers exploited a critical zero-day vulnerability in a server running the KnowledgeDeliver learning management system (LMS) to deploy the Godzilla web shell.
GitHub

Android app to run on a set-top box and play video URLs "cast" to it with a stateless HTTP API (based on AirPlay v1).

There is no UI when the app starts. It's a foreground service with a notification, which runs a web server on port 8192. The IP address of the server is given in the notification message. When a video ...