
3059 matches found

CNNVD
added 2025/12/09 12:00 a.m. | 1 view

Microsoft Windows PowerShell Command Injection Vulnerability

Microsoft Windows PowerShell is a command line shell program and scripting environment from Microsoft Corporation USA that enables command line users and script writers to take advantage of . A command injection vulnerability exists in Microsoft Windows PowerShell. An attacker could exploit the...

CVSS 7.8 | AI score 7 | EPSS 0.00156
Exploits: 5 | References: 1

The Hacker News
added 2025/12/08 5:37 p.m. | 8 views

Experts Confirm JS#SMUGGLER Uses Compromised Sites to Deploy NetSupport RAT

Cybersecurity researchers are calling attention to a new campaign dubbed JS#SMUGGLER that has been observed leveraging compromised websites as a distribution vector for a remote access trojan named NetSupport RAT. The attack chain, analyzed by Securonix, involves three main moving parts: An...

AI score 6.8
Exploits: 0

GithubExploit
added 2025/12/05 3:58 a.m. | 200 views

Exploit for CVE-2025-55182

React2Shell Scanner High Fidelity Detection & Exploitation To...

CVSS 10 | AI score 8.1 | EPSS 0.82011
Exploits: 372

Malwarebytes
added 2025/12/03 1:33 p.m. | 3 views

Fileless protection explained: Blocking the invisible threat others miss

Most antivirus software for personal users scans your computer for malware hiding in files. This is, after all, how most malware is traditionally spread. But what about attacks that never create files? Fileless malware is a fast-growing threat that evades traditional antivirus software, because...

AI score 7.4
Exploits: 0

Hacker One
added 2025/11/26 7:35 a.m. | 16 views

curl: runs javascript on powershell when it shouldn't

On windows, if I run a curl on powershell for a script that should show alert1 it just executes the script when it shouldn't. I did not use AI to find or report this bug. Affected version on CMD I ran curl --version curl 8.16.0 Windows libcurl/8.16.0 Schannel zlib/1.3.1 WinIDN on powershell it...

AI score 6.8
Exploits: 0

OpenVAS
added 2025/11/26 12:00 a.m. | 2 views

Microsoft Windows Extended Security Updates (ESU) Status Detection

SMB login-based detection of the Microsoft Windows Extended Security Updates (ESU) status. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...

AI score 6.9
Exploits: 0 | References: 1

Malwarebytes
added 2025/11/25 4:08 p.m. | 6 views

New ClickFix wave infects users with hidden malware in images and fake Windows updates

Several researchers have flagged a new development in the ongoing ClickFix campaign: Attackers are now mimicking a Windows update screen to trick people into running malware. ClickFix campaigns use convincing lures, historically “Human Verification” screens, and now a fake “Windows Update” splash...

AI score 7.2
Exploits: 0

The Hacker News
added 2025/11/25 11:36 a.m. | 8 views

ToddyCat's New Hacking Tools Steal Outlook Emails and Microsoft 365 Access Tokens

The threat actor known as ToddyCat has been observed adopting new methods to obtain access to corporate email data belonging to target companies, including using a custom tool dubbed TCSectorCopy. "This attack allows them to obtain tokens for the OAuth 2.0 authorization protocol using the user's...

CVSS 8.4 | AI score 8.6 | EPSS 0.00249
Exploits: 0

The Hacker News
added 2025/11/20 4:57 p.m. | 6 views

Tsundere Botnet Expands Using Game Lures and Ethereum-Based C2 on Windows

Cybersecurity researchers have warned of an actively expanding botnet dubbed Tsundere that's targeting Windows users. Active since mid-2025, the threat is designed to execute arbitrary JavaScript code retrieved from a command-and-control (C2) server, Kaspersky researcher Lisandro Ubiedo said in an...

AI score 7.3
Exploits: 0

The Hacker News
added 2025/11/18 2:00 p.m. | 6 views

Researchers Detail Tuoni C2's Role in an Attempted 2025 Real-Estate Cyber Intrusion

Cybersecurity researchers have disclosed details of a cyber attack targeting a major U.S.-based real-estate company that involved the use of a nascent command-and-control (C2) and red teaming framework known as Tuoni. "The campaign leveraged the emerging Tuoni C2 framework, a relatively new,...

AI score 7.2
Exploits: 0

Gitee
added 2025/11/04 1:52 p.m. | 129 views

autottp

This is a Python wrapper for the PowerShell Empire API, a framework for penetration testing and red teaming. The wrapper provides a simple interface to interact with the Empire API, allowing users to automate tasks and sequences of actions. The wrapper is feature complete as of Empire 1.5.0 and...

AI score 6.6
Exploits: 0

CNNVD
added 2025/11/03 12:00 a.m. | 1 view

HP Client Management Script Library Security Vulnerability

HP Client Management Script Library is a library of PowerShell automation management tools from Hewlett-Packard (HP) in the United States. A security vulnerability exists in HP Client Management Script Library that stems from improper privilege management during installation, which could result in...

CVSS 8.5 | AI score 7 | EPSS 0.00018
Exploits: 0 | References: 1

GithubExploit
added 2025/11/02 2:46 a.m. | 97 views

poc

poc Proof of concept Windows UAC P...

AI score 7
Exploits: 0

GithubExploit
added 2025/10/27 2:05 p.m. | 119 views

Exploit for Deserialization of Untrusted Data in Microsoft

CVE-2025-59287-WSUS powershell version of hawktrace POC exploi...

CVSS 9.8 | AI score 9.5 | EPSS 0.72697
Exploits: 24

The Hacker News
added 2025/10/22 4:55 p.m. | 6 views

Ukraine Aid Groups Targeted Through Fake Zoom Meetings and Weaponized PDF Files

Cybersecurity researchers have disclosed details of a coordinated spear-phishing campaign dubbed PhantomCaptcha targeting organizations associated with Ukraine's war relief efforts to deliver a remote access trojan that uses a WebSocket for command-and-control (C2). The activity, which took place o...

AI score 7.1
Exploits: 0

OSV
added 2025/10/21 8:49 a.m. | 3 views

BIT-POWERSHELL-2025-25004 PowerShell Elevation of Privilege Vulnerability

Improper access control in Microsoft PowerShell allows an authorized attacker to elevate privileges locally...

CVSS 7.3 | AI score 6.8 | EPSS 0.00049
Exploits: 0 | References: 2

The Hacker News
added 2025/10/21 7:29 a.m. | 7 views

Google Identifies Three New Russian Malware Families Created by COLDRIVER Hackers

A new malware attributed to the Russia-linked hacking group known as COLDRIVER has undergone numerous developmental iterations since May 2025, suggesting an increased "operations tempo" from the threat actor. The findings come from Google Threat Intelligence Group (GTIG), which said the...

AI score 6.4
Exploits: 0

RedhatCVE
added 2025/10/21 12:23 a.m. | 8 views

CVE-2025-61303

Hatching Triage Sandbox Windows 10 build 2004 (2025-08-14) and Windows 10 LTSC 2021 (2025-08-14) contains a vulnerability in its Windows behavioral analysis engine that allows a submitted malware sample to evade detection and cause denial-of-analysis. The vulnerability is triggered when a sample...

CVSS 9.8 | AI score 7 | EPSS 0.00155
Exploits: 1 | References: 1

EUVD
added 2025/10/20 9:30 p.m. | 2 views

EUVD-2025-35102

Hatching Triage Sandbox Windows 10 build 2004 (2025-08-14) and Windows 10 LTSC 2021 (2025-08-14) contains a vulnerability in its Windows behavioral analysis engine that allows a submitted malware sample to evade detection and cause denial-of-analysis. The vulnerability is triggered when a sample...

AI score 6.5 | EPSS 0.00155
Exploits: 1 | References: 2

NVD
added 2025/10/20 9:15 p.m. | 4 views

CVE-2025-61303

Hatching Triage Sandbox Windows 10 build 2004 (2025-08-14) and Windows 10 LTSC 2021 (2025-08-14) contains a vulnerability in its Windows behavioral analysis engine that allows a submitted malware sample to evade detection and cause denial-of-analysis. The vulnerability is triggered when a sample...

CVSS 9.8 | EPSS 0.00155
Exploits: 1 | References: 1