Pirates in the crosshairs: how one cybercrime gang has been infecting book, movie, and TV show fans for years

Introduction In late April 2026, a client reached out to us for incident response support after discovering a miner running on users' computers. We later discovered that the malware was being distributed via illegal movie and TV show streaming sites. The infection chain leveraged a fake update fo...

EUVD-2026-25194

IP Setting Software contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with administrative privileges...

IP Setting Software may insecurely load Dynamic Link Libraries

Overview IP Setting Software provided by i-PRO Co., Ltd. contains the following vulnerability in the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Uncontrolled search path element CWE-427 - CVE-2026-34488 i-PRO Co., Ltd. reported this vulnerability to IPA to notify...

CVE-2026-34488

IP Setting Software contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with administrative privileges...

EUVD-2026-23496

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the external engine plugin loader concatenates a user-supplied engine name into a filesystem path without filtering path separators or .. components. An authenticated user with CREATE...

OMRON UPS (Uninterruptible Power Supply) management application may insecurely load Dynamic Link Libraries

Overview The UPS Uninterruptible Power Supply management application provided by OMRON Corporation may insecurely load Dynamic Link Libraries due to an issue with uncontrolled search path element CWE-427, CVE-2026-5397. OMRON Corporation reported this vulnerability to JPCERT/CC to notify users of...

PT-2026-33495

Name of the Vulnerable Software and Affected Versions Firebird versions prior to 5.0.4 Firebird versions prior to 4.0.7 Firebird versions prior to 3.0.14 Description The external engine plugin loader concatenates a user-supplied engine name into a filesystem path without filtering path separators...

EUVD-2026-23178

Eaton Intelligent Power Protector IPP is affected by insecure library loading in its executable, which could lead to arbitrary code execution by an attacker with access to the software package. This security issue has been fixed in the latest version of Eaton IPP software which is available on th...

CVE-2026-22619

Eaton Intelligent Power Protector IPP is affected by insecure library loading in its executable, which could lead to arbitrary code execution by an attacker with access to the software package. This security issue has been fixed in the latest version of Eaton IPP software which is available on th...

CVE-2026-22619

Eaton IPP is affected by insecure library loading in its executable, enabling arbitrary code execution by an attacker with access to the software package. The issue has been fixed in the latest Eaton IPP version available via the Eaton download center. Practitioner takeaway: verify that IPP insta...

CVE-2026-22619

Eaton Intelligent Power Protector IPP is affected by insecure library loading in its executable, which could lead to arbitrary code execution by an attacker with access to the software package. This security issue has been fixed in the latest version of Eaton IPP software which is available on th...

CVE-2026-22619

Eaton Intelligent Power Protector IPP is affected by insecure library loading in its executable, which could lead to arbitrary code execution by an attacker with access to the software package. This security issue has been fixed in the latest version of Eaton IPP software which is available on th...

CVE-2026-22619

Eaton Intelligent Power Protector IPP is affected by insecure library loading in its executable, which could lead to arbitrary code execution by an attacker with access to the software package. This security issue has been fixed in the latest version of Eaton IPP software which is available on th...

Eaton Intelligent Power Protector 安全漏洞

Eaton Intelligent Power Protector is a power protection software developed by Eaton, Inc. in the United States. The Eaton Intelligent Power Protector has a security vulnerability, which stems from the insecure library loading in executable files. This vulnerability may allow attackers with access...

PT-2026-33261

Eaton Intelligent Power Protector IPP is affected by insecure library loading in its executable, which could lead to arbitrary code execution by an attacker with access to the software package. This security issue has been fixed in the latest version of Eaton IPP software which is available on th...

Microsoft Visual Basic for Applications Insecure Library Loading Vulnerability

Microsoft Visual Basic for Applications VBA contains an insecure library loading vulnerability that could allow for remote code execution...

CVE-2026-5055 NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target system in order to...

NoMachine 代码问题漏洞

NoMachine is a remote desktop access tool developed by NoMachine Company in Luxembourg. NoMachine has code vulnerabilities that stem from loading libraries from insecure locations, which may lead to local privilege escalation...

CVE-2026-40031

MemProcFS before 5.17 contains multiple unsafe library-loading patterns that enable DLL and shared-library hijacking across six attack surfaces, including bare-name LoadLibraryU and dlopen calls without path qualification for vmmpyc, libMSCompression, and plugin DLLs. An attacker who places a...

CVE-2026-40031

MemProcFS 处理在版本 5.17 之前存在多处不安全的库加载模式，导致跨六个攻击面发生 DLL/共享库劫持。攻击者若在工作目录中放置恶意 DLL/共享库，或操控 LD_LIBRARY_PATH，便可在 MemProcFS 加载时实现任意代码执行。根本原因是对加载库的路径未进行严格限定，利用 bare-name LoadLibraryU/dlopen 未带路径的调用进行加载。影响面涉及本地攻击向量、可用性和完整性及机密性均可能被高影响波及。若存在利用，文档未给出具体利用细节。建议升级至 5.17 及以上版本以修复该加载模式问题；如不能立即升级，可结合路径限定、工作目录隔离及库加载 ...