High report

Malicious Packages Identified in the Wild: Insights and Trends from November 2024 Onward

Tracked since May 6, 2026
threat-report

CVSS Breakdown

CVSS Base Score
Attack Vector
N/A
Requires physical access to exploit.
CIA Impact
Confidentiality N/A
Integrity N/A
Availability N/A

Exploit Probability (EPSS)

NaN%
NaN% probability of exploitation in 30 days
This vulnerability has a relatively low exploitation probability, but should still be patched according to your standard timelines.
Low

Insurance Impact Assessment

🛡️
Significant Impact

High-severity vulnerabilities may affect cyber insurance pricing and coverage terms. Demonstrating patch management reduces underwriting friction.

Threat report published 2025-03-10T20:29:07.925Z. Types: threat-report. FortiGuard Labs has analyzed malicious software packages detected from November 2024 to March 2025, revealing various attack techniques used to exploit system vulnerabilities. Key findings include 1,0

Assess your exposure

Is your organization vulnerable? Run a free domain exposure scan to check.

Scan Your Domain → Broker Scorecard

Related Threats

CVE-2023-4153: The BAN Users plugin for WordPress is vulnerable to privilege escalation in vers
CVSS high
CVE-2023-4213: The Simplr Registration Form Plus+ plugin for WordPress is vulnerable to Insecur
CVSS high
CVE-2023-4916: The Login with phone number plugin for WordPress is vulnerable to Cross-Site Req
CVSS high
CVE-2023-36419: Azure HDInsight Apache Oozie Workflow Scheduler XXE Elevation of Privilege Vulne
CVSS high
CVE-2023-5336: The iPanorama 360 – WordPress Virtual Tour Builder plugin for WordPress is vulne
CVSS high
← Back to Threat Feed