Lucene search
+L

477 matches found

packetstormnews
packetstormnews
added 2025/08/25 12:0 a.m.4 views

MalLoc: toward Fine-Grained Android Malicious Payload Localization Via LLMs

The rapid evolution of Android malware poses significant challenges to the maintenance and security of mobile applications apps. Traditional detection techniques often struggle to keep pace with emerging malware variants that employ advanced tactics such as code obfuscation and dynamic behavior...

7.4AI score
Exploits0
packetstormnews
packetstormnews
added 2025/08/14 12:0 a.m.7 views

A Novel Study on Intelligent Methods and Explainable AI for Dynamic Malware Analysis

Deep learning models are one of the security strategies, trained on extensive datasets, and play a critical role in detecting and responding to these threats by recognizing complex patterns in malicious code. However, the opaque nature of these models-often described as "black boxes"-makes their...

7AI score
Exploits0
packetstormnews
packetstormnews
added 2025/08/08 12:0 a.m.35 views

Symbolic Execution in Practice: a Survey of Applications in Vulnerability, Malware, Firmware, and Protocol Analysis

Symbolic execution is a powerful program analysis technique that allows for the systematic exploration of all program paths. Path explosion, where the number of states to track becomes unwieldy, is one of the biggest challenges hindering symbolic execution's practical application. To combat this,...

7.1AI score
Exploits0
cisa
cisa
added 2025/08/06 12:0 p.m.11 views

CISA Releases Malware Analysis Report Associated with Microsoft SharePoint Vulnerabilities

CISA published a Malware Analysis Report MAR with analysis and associated detection signatures on files related to Microsoft SharePoint vulnerabilities: CVE-2025-49704link is external CWE-94: Code Injectionlink is external, CVE-2025-49706link is external CWE-287: Improper Authenticationlink is...

9.8CVSS7.7AI score0.99979EPSS
In wildExploits41References14
cisa
cisa
added 2025/07/31 12:0 p.m.3 views

Thorium Platform Public Availability

Today, CISA, in partnership with Sandia National Laboratories, announced the public availability of Thoriumlink is external, a scalable and distributed platform for automated file analysis and result aggregation. Thorium enhances cybersecurity teams' capabilities by automating analysis workflows...

7.1AI score
Exploits0References3
talosblog
talosblog
added 2025/07/31 10:0 a.m.15 views

Using LLMs as a reverse engineering sidekick

This research explores how large language models LLMs can complement, rather than replace, the efforts of malware analysts in the complex field of reverse engineering. LLMs may serve as powerful assistants to streamline workflows, enhance efficiency, and provide actionable insights during malware...

7.6AI score
Exploits0
osv
osv
added 2025/07/11 5:25 p.m.1 views

MAL-2025-5835 Malicious code in @lensapp/eslint-config (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 61bc10b6edfec3225d467f169ee0c13a8d66637e96186f959196d0ae15822ad6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7.2AI score
Exploits0References1
trellix
trellix
added 2025/07/01 12:0 a.m.9 views

Automagic Reverse Engineering

Automagic Reverse Engineering By Trellix · July 1, 2025 This blog was written by Max Kersten Over the last few years, I have looked into methods to improve the reverse engineering process. This saves essential time during the analysis, which helps while defending from well prepared threat actors...

6.8AI score
Exploits0
mssecure
mssecure
added 2025/06/27 6:30 p.m.6 views

Unveiling RIFT: Enhancing Rust malware analysis through pattern matching

Today, Microsoft Threat Intelligence Center is excited to announce the release of RIFT , a tool designed to assist malware analysts automate the identification of attacker-written code within Rust binaries. Known for its efficiency, type safety, and robust memory safety, Rust has increasingly...

7AI score
Exploits0
packetstormnews
packetstormnews
added 2025/06/22 12:0 a.m.5 views

Semantic Preprocessing for LLM-Based Malware Analysis

In a context of malware analysis, numerous approaches rely on Artificial Intelligence to handle a large volume of data. However, these techniques focus on data view images, sequences and not on an expert's view. Noticing this issue, we propose a preprocessing that focuses on expert knowledge to...

6.9AI score
Exploits0
packetstormnews
packetstormnews
added 2025/05/27 12:0 a.m.4 views

Lazarus Group Targets Crypto-Wallets and Financial Data While Employing New Tradecrafts

This report presents a comprehensive analysis of a malicious software sample, detailing its architecture, behavioral characteristics, and underlying intent. Through static and dynamic examination, the malware core functionalities, including persistence mechanisms, command-and-control communicatio...

6.9AI score
Exploits0
rapid7blog
rapid7blog
added 2025/05/22 12:0 p.m.41 views

NSIS Abuse and sRDI Shellcode: Anatomy of the Winos 4.0 Campaign

Co-authored byAnna Širokova and Ivan Feigl Executive summary Rapid7 has been tracking a malware campaign that uses fake software installers disguised as popular apps like VPN and QQBrowser—to deliver Winos v4.0, a hard-to-detect malware that runs entirely in memory and gives attackers remote...

7.8AI score
Exploits0
redhatcve
redhatcve
added 2025/05/22 8:35 a.m.11 views

CVE-2019-13125

HaboMalHunter through 2.0.0.3 in Tencent Habo allows attackers to evade dynamic malware analysis via PIE compilation...

7.8CVSS6.9AI score0.00969EPSS
Exploits1References1
kitploit
kitploit
added 2025/04/21 12:30 p.m.51 views

Bytesrevealer - Online Reverse Enginerring Viewer

Bytes Revealer is a powerful reverse engineering and binary analysis tool designed for security researchers, forensic analysts, and developers. With features like hex view, visual representation, string extraction, entropy calculation, and file signature detection, it helps users uncover hidden...

7.1AI score
Exploits0References3
redhatcve
redhatcve
added 2025/04/02 5:36 p.m.19 views

CVE-2025-31116

Mobile Security Framework MobSF is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. The mitigation for CVE-2024-29190 in validhost uses socket.gethostbyname, which is vulnerable to SSRF abuse using DNS rebinding technique. This...

9.8CVSS7.1AI score0.00712EPSS
Exploits2References1
osv
osv
added 2025/03/31 5:15 p.m.7 views

PYSEC-2025-48

Mobile Security Framework MobSF is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. The mitigation for CVE-2024-29190 in validhost uses socket.gethostbyname, which is vulnerable to SSRF abuse using DNS rebinding technique. This...

9.8CVSS9.5AI score0.00446EPSS
Exploits1References4
nvd
nvd
added 2025/03/31 5:15 p.m.44 views

CVE-2025-31116

Mobile Security Framework MobSF is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. The mitigation for CVE-2024-29190 in validhost uses socket.gethostbyname, which is vulnerable to SSRF abuse using DNS rebinding technique. This...

9.8CVSS0.00446EPSS
Exploits1References2
osv
osv
added 2025/03/31 4:42 p.m.25 views

CVE-2025-31116 Mobile Security Framework (MobSF) has a SSRF Vulnerability fix bypass on assetlinks_check with DNS Rebinding

Mobile Security Framework MobSF is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. The mitigation for CVE-2024-29190 in validhost uses socket.gethostbyname, which is vulnerable to SSRF abuse using DNS rebinding technique. This...

4.4CVSS7.2AI score0.00446EPSS
Exploits1References4
thn
thn
added 2025/02/18 12:20 p.m.13 views

Debunking the AI Hype: Inside Real Hacker Tactics

Is AI really reshaping the cyber threat landscape, or is the constant drumbeat of hype drowning out actual, more tangible, real-world dangers? According to Picus Labs' Red Report 2025 which analyzed over one million malware samples, there's been no significant surge, so far, in AI-driven attacks...

7.4AI score
Exploits0
thn
thn
added 2025/02/17 9:4 a.m.22 views

New Golang-Based Backdoor Uses Telegram Bot API for Evasive C2 Operations

Cybersecurity researchers have shed light on a new Golang-based backdoor that uses Telegram as a mechanism for command-and-control C2 communications. Netskope Threat Labs, which detailed the functions of the malware, described it as possibly of Russian origin. "The malware is compiled in Golang a...

7.6AI score
Exploits0
Rows per page
Query Builder