DeepLoad Malware Uses ClickFix and WMI Persistence to Steal Browser Credentials

A new campaign has leveraged the ClickFix social engineering tactic as a way to distribute a previously undocumented malware loader referred to as DeepLoad. "It likely uses AI-assisted obfuscation and process injection to evade static scanning, while credential theft starts immediately and captur...

CVE-2026-23131

In the Linux kernel, the following vulnerability has been resolved: platform/x86: hp-bioscfg: Fix kobject warnings for empty attribute names The hp-bioscfg driver attempts to register kobjects with empty names when the HP BIOS returns attributes with empty name strings. This causes multiple kerne...

ShellExploit

This project is no longer supported PowerSploit is a col...

WMI Event Subscription Event Log Persistence

This module will create a permanent WMI event subscription to achieve file-less persistence using an event filter that will query the event log for an EVENTIDTRIGGER default: failed logon request id 4625 that also contains a specified USERNAMETRIGGER note: failed logon auditing must be enabled on...

WMI Event Subscription Interval Persistence

This Metasploit module will create a permanent WMI event subscription to achieve file-less persistence using an event filter that triggers the payload after the specified CALLBACKINTERVAL. If the persistence is not installed, it will keep triggering payloads to spawn. Additionally a custom comman...

WMI Event Subscription Logon Timer Persistence

This Metasploit module will create a permanent WMI event subscription to achieve file-less persistence using an event filter that will trigger the payload after the system has a certain uptime. Payloads will trigger every minute until the set end time. Additionally a custom command can be specifi...

WMI Event Subscription Event Log Persistence

This Metasploit module will create a permanent WMI event subscription to achieve file-less persistence using an event filter that will query the event log for an EVENTIDTRIGGER default: failed logon request id 4625 that also contains a specified USERNAMETRIGGER note: failed logon auditing must be...

CVE-2021-22928

A vulnerability has been identified in Citrix Virtual Apps and Desktops that could, if exploited, allow a user of a Windows VDA that has either Citrix Profile Management or Citrix Profile Management WMI Plugin installed to escalate their privilege level on that Windows VDA to SYSTEM...

PT-2026-8124

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The hp-bioscfg driver attempts to register kobjects with empty names when the HP BIOS returns attributes with empty name strings, resulting in kernel warnings. Specifically, the driver...

SUSE CVE-2023-54252

In the Linux kernel, the following vulnerability has been resolved: platform/x86: think-lmi: Fix memory leaks when parsing ThinkStation WMI strings My previous commit introduced a memory leak where the item allocated from tlmisetting was not freed. This commit also renames it to avoid confusion...

PT-2025-54081

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak was identified and resolved in the Linux kernel related to the ThinkStation WMI strings parsing within the platform/x86/think-lmi module. A previously introduced commit...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from not freeing memory when parsing WMI strings, which could lead to a memory leak...

Endpoint Security Agent: A Comprehensive Approach to Real-Time System Monitoring and Threat Detection

As cyber threats continue to evolve in complexity and frequency, robust endpoint protection is essential for organizational security. This paper presents "Endpoint Security Agent: A Comprehensive Approach to Real-time System Monitoring and Threat Detection" a modular, real-time security solution...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: Platform/x86: dell-wmi-sysman: Fixed the retrieval of WMI data blocks in sysfs callbacks. After retrieving WMI data blocks through sysfs callbacks, it is necessary to check the validity of these data blocks before dereferencing...

CVE-2022-50521 platform/x86: mxm-wmi: fix memleak in mxm_wmi_call_mx[ds|mx]()

In the Linux kernel, the following vulnerability has been resolved: platform/x86: mxm-wmi: fix memleak in mxmwmicallmxds|mx The ACPI buffer memory out.pointer returned by wmievaluatemethod is not freed after the call, so it leads to memory leak. The method results in ACPI buffer is not used, so...

EUVD-2009-0087

Malware in sbrugna...

EUVD-2013-7267

Malware in sbrugna...

EUVD-2019-7560

Malware in sbrugna...

UBUNTU-CVE-2023-53602

In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix memory leak in WMI firmware stats Memory allocated for firmware pdev, vdev and beacon statistics are not released during rmmod. Fix it by calling ath11kfwstatsfree function before hardware unregister. While at i...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a memory leak in the WMI firmware statistics...