Lucene search

198 matches found

Malwarebytes
added 2025/11/13 10:15 a.m., 6 views

We opened a fake invoice and fell down a retro XWorm-shaped wormhole

Somebody forwarded an “invoice” email and asked me to check the attachment because it looked suspicious. Good instinct—it was, and what we found inside was a surprisingly old trick hiding a modern threat. What it does If the recipient had opened the attached Visual Basic Script .vbs file, it woul...

7.4 AI score
Exploits 0

HackRead
added 2025/11/12 5:36 p.m., 4 views

DarkComet Spyware Resurfaces Disguised as Fake Bitcoin Wallet

Old DarkComet RAT spyware is back, hiding inside fake Bitcoin wallets and trading apps to steal credentials via keylogging...

7.1 AI score
Exploits 0

The Hacker News
added 2025/10/17 1:33 p.m., 6 views

North Korean Hackers Combine BeaverTail and OtterCookie into Advanced JS Malware

The North Korean threat actor linked to the Contagious Interview campaign has been observed merging some of the functionality of two of its malware programs, indicating that the hacking group is actively refining its toolset. That's according to new findings from Cisco Talos, which said recent...

6.9 AI score
Exploits 0

HackRead
added 2025/10/16 4:46 p.m., 10 views

NK’s Famous Chollima Use BeaverTail and OtterCookie Malware in Job Scam

North Korea's Famous Chollima is back, merging BeaverTail and OtterCookie malware to target job seekers. Cisco Talos details the new threat. Keylogging, screen recording, and cryptocurrency wallet theft detected in an attack...

7 AI score
Exploits 0

Talos Blog
added 2025/10/16 10:0 a.m., 7 views

BeaverTail and OtterCookie evolve with a new Javascript module

Cisco Talos has uncovered a new attack linked to Famous Chollima, a threat group aligned with North Korea (DPRK). This group is known for impersonating hiring organizations to target job seekers, tricking them into installing information-stealing malware to obtain cryptocurrency and user credential...

8.1 AI score
Exploits 0

The Hacker News
added 2025/10/07 10:36 a.m., 6 views

XWorm 6.0 Returns with 35+ Plugins and Enhanced Data Theft Capabilities

Cybersecurity researchers have charted the evolution of XWorm malware, turning it into a versatile tool for supporting a wide range of malicious actions on compromised hosts. "XWorm's modular design is built around a core client and an array of specialized components known as plugins," Trellix...

8.6 AI score
Exploits 0

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2019-6390

Malware in sbrugna...

9.3 CVSS, 8 AI score, 0.01066 EPSS
Exploits 0, References 2

EUVD
added 2025/10/07 12:30 a.m., 7 views

EUVD-2019-6344

Malware in sbrugna...

7.8 CVSS, 7.6 AI score, 0.00387 EPSS
Exploits 0, References 2

EUVD
added 2025/10/03 8:7 p.m., 6 views

EUVD-2023-51381

Malicious code in bioql PyPI...

8.8 CVSS, 8.5 AI score, 0.01395 EPSS
Exploits 2, References 5

The Hacker News
added 2025/08/13 3:46 p.m., 13 views

New PS1Bot Malware Campaign Uses Malvertising to Deploy Multi-Stage In-Memory Attacks

Cybersecurity researchers have discovered a new malvertising campaign that's designed to infect victims with a multi-stage malware framework called PS1Bot. "PS1Bot features a modular design, with several modules delivered used to perform a variety of malicious activities on infected systems,...

7.1 AI score
Exploits 0

Packet Storm News
added 2025/06/27 12:0 a.m., 5 views

Under the Hood of BlotchyQuasar: DLL-Based RAT Campaigns against Latin America

A sophisticated malspam campaign was recently uncovered targeting Latin American countries, with a particular focus on Brazil. This operation utilizes a highly deceptive phishing email to trick users into executing a malicious MSI file, initiating a multi-stage infection. The core of the attack...

7 AI score
Exploits 0

RedhatCVE
added 2025/05/23 2:0 a.m., 8 views

CVE-2023-47250

In mprivacy-tools before 2.0.406g in m-privacy TightGate-Pro Server, broken Access Control on X11 server sockets allows authenticated attackers with access to a VNC session to access the X11 desktops of other users by specifying their DISPLAY ID. This allows complete control of their desktop,...

8.8 CVSS, 6.7 AI score, 0.01395 EPSS
Exploits 2, References 1

RedhatCVE
added 2025/05/22 1:19 p.m., 7 views

CVE-2018-14996

The Oppo F5 Android device with a build fingerprint of OPPO/CPH1723/CPH1723:7.1.1/N6F26Q/1513597833:user/release-keys contains a pre-installed platform app with a package name of com.dropboxchmod (versionCode=1, versionName=1.0) that contains an exported service named...

7.8 CVSS, 7.2 AI score, 0.00518 EPSS
Exploits 0, References 1

RedhatCVE
added 2025/05/22 10:21 a.m., 12 views

CVE-2019-15344

The Tecno Camon iClick Android device with a build fingerprint of TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.8). This app contains an exported service named...

9.3 CVSS, 7 AI score, 0.01066 EPSS
Exploits 0, References 1

RedhatCVE
added 2025/05/22 10:20 a.m., 8 views

CVE-2019-15388

The Coolpad 1851 Android device with a build fingerprint of Coolpad/android/android:8.1.0/O11019/1534834761:userdebug/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.1.13). This app contains an exported service name...

9.3 CVSS, 7 AI score, 0.01066 EPSS
Exploits 0, References 1

RedhatCVE
added 2025/05/22 10:20 a.m., 12 views

CVE-2019-15389

The Haier A6 Android device with a build fingerprint of Haier/A6/A6:8.1.0/O11019/1534219877:userdebug/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.1.13). This app contains an exported service named...

9.3 CVSS, 7 AI score, 0.01066 EPSS
Exploits 0, References 1

RedhatCVE
added 2025/05/22 10:19 a.m., 7 views

CVE-2019-15347

The Tecno Camon iClick 2 Android device with a build fingerprint of TECNO/H622/TECNO-ID6:8.1.0/O11019/F-180824V116:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an exported service...

7.8 CVSS, 7.1 AI score, 0.00387 EPSS
Exploits 0, References 1

RedhatCVE
added 2025/05/22 4:34 a.m., 6 views

CVE-2019-15350

The Tecno Camon Android device with a build fingerprint of TECNO/H622/TECNO-ID5b:8.1.0/O11019/G-180829V31:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an exported service named...

7.8 CVSS, 7.2 AI score, 0.00332 EPSS
Exploits 0, References 1

The Hacker News
added 2025/02/03 11:39 a.m., 26 views

Coyote Malware Expands Reach: Now Targets 1,030 Sites and 73 Financial Institutions

Brazilian Windows users are the target of a campaign that delivers a banking malware known as Coyote. "Once deployed, the Coyote Banking Trojan can carry out various malicious activities, including keylogging, capturing screenshots, and displaying phishing overlays to steal sensitive credentials,...

7.6 AI score
Exploits 0

OSV
added 2025/01/06 12:49 p.m., 4 views

MAL-2025-46 Malicious code in solanacore (npm)

The package contains several malicious PowerShell and VBS scripts used to harvest browser data, take screenshots, log keystrokes, and establish startup persistence. It also bundles a password stealer and exfiltrates stolen data via Slack and Discord webhooks. --- -= Per source details. Do not edi...

7.2 AI score
Exploits 0, References 1