424 matches found
Malicious code in transform-jscript (npm)
The package 'transform-jscript' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency (RDD) technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
MAL-2026-1505 Malicious code in transform-jscript (npm)
The package 'transform-jscript' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency (RDD) technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
China-Linked Hackers Have Used the PeckBirdy JavaScript C2 Framework Since 2023
Cybersecurity researchers have discovered a JScript-based command-and-control (C2) framework called PeckBirdy that has been put to use by China-aligned APT actors since 2023 to target multiple environments. The flexible framework has been put to use against Chinese gambling industries and malicious...
PeckBirdy: A Versatile Script Framework for LOLBins Exploitation Used by China-aligned Threat Groups
PeckBirdy is a sophisticated JScript-based C&C framework used by China-aligned APT groups to exploit LOLBins across multiple environments, delivering advanced backdoors to target gambling industries and Asian government entities...
EUVD-2018-20053
Malware in sbrugna...
EUVD-2015-6078
Malware in sbrugna...
EUVD-1999-1074
Malware in sbrugna...
Malicious Windows Script Host JScript (.js) File
This module creates a Windows Script Host WSH JScript .js file. Module Options msf use exploit/windows/fileformat/windowsscripthostjscript msf exploitwindowsscripthostjscript show targets ...targets... msf exploitwindowsscripthostjscript set TARGET msf exploitwindowsscripthostjscript show options...
Malicious Windows Script Host JScript File
This Metasploit module creates a Windows Script Host WSH JScript .js file. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Malicious Windows Script Host JScript .js File', 'Description' = %q Th...
Microsoft Windows Server 2025 JScript Engine Remote Code Execution
This proof of concept exploits a use-after-free vulnerability in jscript.dll to achieve code execution via heap spraying. The shellcode executes calc.exe as a demonstration of code execution. !/usr/bin/env python3 Exploit Title: Microsoft Windows Server 2025 JScript Engine - Remote Code Execution...
Microsoft Windows Server 2025 JScript Engine - Remote Code Execution (RCE)
!/usr/bin/env python3 Exploit Title: Microsoft Windows Server 2025 JScript Engine - Remote Code Execution RCE Exploit Author: Mohammed Idrees Banyamer Instagram: @@banyamersecurity GitHub: https://github.com/mbanyamer Date: 2025-05-31 CVE: CVE-2025-30397 Vendor: Microsoft Affected Versions: Windo...
Exploit for Type Confusion in Microsoft
CVE-2025-30397---Windows-Server-2025-JScript-RCE-Use-After-Fre...
CVE-2023-1004
A vulnerability has been found in MarkText up to 0.17.1 on Windows and classified as critical. Affected by this vulnerability is an unknown functionality of the component WSH JScript Handler. The manipulation leads to code injection. Local access is required to approach this attack. The exploit h...
Horns&Hooves campaign delivers NetSupport RAT and BurnsRAT
Recent months have seen a surge in mailings with lookalike email attachments in the form of a ZIP archive containing JScript scripts. The script files – disguised as requests and bids from potential customers or partners – bear names such as "Запрос цены и предложения от Индивидуального...
PT-2023-7064 · Microsoft · Windows Scripting Engine +3
Name of the Vulnerable Software and Affected Versions: Windows Scripting Engine affected versions not specified Description: The issue is related to a memory corruption vulnerability in the Windows Scripting Engine, specifically with the jscript9.dll dynamic library. This vulnerability can be...
QBot banker delivered through business correspondence
In early April, we detected a significant increase in attacks that use banking Trojans of the QBot family (aka QakBot, QuackBot, and Pinkslipbot). The malware would be delivered through e-mail letters written in different languages — variations of them were coming in English, German, Italian, and...
CVE-2023-1003
A vulnerability, which was classified as critical, was found in Typora up to 1.5.5 on Windows. Affected is an unknown function of the component WSH JScript Handler. The manipulation leads to code injection. An attack has to be approached locally. The exploit has been disclosed to the public and m...
Code injection
A vulnerability, which was classified as critical, was found in Typora up to 1.5.5 on Windows. Affected is an unknown function of the component WSH JScript Handler. The manipulation leads to code injection. An attack has to be approached locally. The exploit has been disclosed to the public and m...
Typora code injection vulnerability
Typora is an editor. A code injection vulnerability exists in versions prior to Typora 1.5.8, which stems from a problem with the component WSH JScript Handle that can lead to code injection...
CVE-2023-1004
A vulnerability has been found in MarkText up to 0.17.1 on Windows and classified as critical. Affected by this vulnerability is an unknown functionality of the component WSH JScript Handler. The manipulation leads to code injection. Local access is required to approach this attack. The exploit h...