228 matches found
Fake malware-signing service Fox Tempest dismantled by Microsoft
Microsoft says it dismantled a malware-signing-as-a-service MSaaS called Fox Tempest, which helped cybercriminals make malware appear legitimate. The service let customers submit malicious files to be digitally signed with short-lived Microsoft-issued certificates, making the malware look...
MuddyWater Targets MENA Organizations with GhostFetch, CHAR, and HTTP_VIP
The Iranian hacking group known as MuddyWater aka Earth Vetala, Mango Sandstorm, and MUDDYCOAST has targeted several organizations and individuals mainly located across the Middle East and North Africa MENA region as part of a new campaign codenamed Operation Olalampo. The activity, first observe...
AnyDesk < 9.0.5 Multiple Vulnerabilities
The version of AnyDesk installed on the remote Windows host is prior to 9.0.5. It is, therefore, affected by multiple vulnerabilities: - A denial of service vulnerability exists due to incorrect deserialization that results in failed memory allocation and a NULL pointer dereference. An...
CVE-2019-25261
AnyDesk 5.4.0 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially inject malicious executables. Attackers can exploit the unquoted binary path to place malicious files in service executable locations, potentially gaining...
CVE-2019-25261
AnyDesk 5.4.0 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially inject malicious executables. Attackers can exploit the unquoted binary path to place malicious files in service executable locations, potentially gaining...
CVE-2019-25261
AnyDesk 5.4.0 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially inject malicious executables. Attackers can exploit the unquoted binary path to place malicious files in service executable locations, potentially gaining...
EUVD-2019-19379
AnyDesk 5.4.0 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially inject malicious executables. Attackers can exploit the unquoted binary path to place malicious files in service executable locations, potentially gaining...
CVE-2019-25261 AnyDesk 5.4.0 - Unquoted Service Path
AnyDesk 5.4.0 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially inject malicious executables. Attackers can exploit the unquoted binary path to place malicious files in service executable locations, potentially gaining...
CVE-2019-25261
AnyDesk 5.4.0 on Windows is affected by an unquoted service path vulnerability in its Windows service configuration. The unquoted binary path allows a local attacker to place a malicious executable in a service executable location, potentially enabling elevated privileges. The information provide...
AnyDesk 代码问题漏洞
AnyDesk is a remote desktop connection software developed by the German company AnyDesk. Version 5.4.0 of AnyDesk contains a code vulnerability. This vulnerability stems from a service path in the Windows service configuration that lacks quotation marks, which may lead to privilege escalation...
PT-2026-5798
AnyDesk 5.4.0 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially inject malicious executables. Attackers can exploit the unquoted binary path to place malicious files in service executable locations, potentially gaining...
EUVD-2025-202935
AnyDesk 7.0.15 and 9.0.1 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated SYSTEM privileges. Attackers can exploit the unquoted service path configuration to inject malicious executables that will be run with high-lev...
CVE-2025-34499
AnyDesk 7.0.15 and 9.0.1 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated SYSTEM privileges. Attackers can exploit the unquoted service path configuration to inject malicious executables that will be run with high-lev...
CVE-2025-34499 AnyDesk 9.0.1 Unquoted Service Path Privilege Escalation Vulnerability
AnyDesk 7.0.15 and 9.0.1 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated SYSTEM privileges. Attackers can exploit the unquoted service path configuration to inject malicious executables that will be run with high-lev...
CVE-2025-34499
The CVE-2025-34499 entry concerns AnyDesk 7.0.15 and 9.0.1 with an unquoted service path that can allow local, non-privileged users to execute code with elevated SYSTEM privileges. Affected component is the Windows service path configuration; exploitation would involve injecting a malicious execu...
CVE-2025-34499 AnyDesk 9.0.1 Unquoted Service Path Privilege Escalation Vulnerability
AnyDesk 7.0.15 and 9.0.1 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated SYSTEM privileges. Attackers can exploit the unquoted service path configuration to inject malicious executables that will be run with high-lev...
PT-2025-50765
Name of the Vulnerable Software and Affected Versions AnyDesk versions 7.0.15 and 9.0.1 Description AnyDesk versions 7.0.15 and 9.0.1 have an unquoted service path configuration. This allows local, non-privileged users to potentially run code with SYSTEM-level privileges. An attacker can exploit...
AnyDesk 代码问题漏洞
AnyDesk is a remote desktop connection software from AnyDesk Germany. A code issue vulnerability exists in AnyDesk versions 7.0.15 and 9.0.1, which stems from an unquoted service path that could lead to code execution by a local, unprivileged user with SYSTEM privileges...
CISA and Partners Release Advisory Update on Akira Ransomware
Today, Cybersecurity and Infrastructure Security Agency CISA, in collaboration with the Federal Bureau of Investigation, Department of Defense Cyber Crime Center, Department of Health and Human Services, and international partners, released an updated joint Cybersecurity Advisory, StopRansomware:...
CVE-2025-27917
An issue was discovered in AnyDesk for Windows before 9.0.5, AnyDesk for macOS before 9.0.1, AnyDesk for Linux before 7.0.0, AnyDesk for iOS before 7.1.2, and AnyDesk for Android before 8.0.0. Remote Denial of Service can occur because of incorrect deserialization that results in failed memory...