UAC-0226 Deploys GIFTEDCROOK Stealer via Malicious Excel Files Targeting Ukraine
The Computer Emergency Response Team of Ukraine (CERT-UA) has revealed a new set of cyber attacks targeting Ukrainian institutions with information-stealing malware. The activity is aimed at military formations, law enforcement agencies, and local self-government bodies, particularly those located...
PT-2025-15093
Name of the Vulnerable Software and Affected Versions: AnyDesk (affected versions not specified). Description: The issue concerns a remote code execution (RCE) exploit. Technical details include the use of a vxproj file, conversion to vbs and then to ps1 (PowerShell script), and involvement of an asar fil...
CERT-UA Reports Cyberattacks Targeting Ukrainian State Systems with WRECKSTEEL Malware
The Computer Emergency Response Team of Ukraine (CERT-UA) has revealed that no less than three cyber attacks were recorded against state administration bodies and critical infrastructure facilities in the country with an aim to steal sensitive data. The campaign, the agency said, involved the use o...
An error occurs when specifying the license server by IP address in Citrix Studio
In Citrix Studio, select Licensing from the left-hand tree and click Change License Server. When an IP address is entered in the "Change License Server" window that appears, the message "Connected to a trusted server" is displayed. However, when returning to Studio, the error message "Cannot connect t...
Citrix Licensing - powershell cmdlets failing with CommunicationError
Citrix.Licensing.Admin.V1 cmdlets Get-LicCertificate, Get-LicInventory stopped working after License Server upgrade to 11.17.2.0. Build 51000. Citrix Licensing PowerShell Snap-In is installed and used directly on the License Server. Error: CommunicationError CategoryInfo: InvalidOperation Example...
Exploit for Out-of-bounds Write in Gibbonedu Gibbon
CVE-2023-45878 GibbonEdu Arbitrary File Write to Web Shell...
Sitecore CVE-2025-27218 BinaryFormatter Deserialization Exploit
This module exploits a .NET deserialization vulnerability in Sitecore Experience Manager (XM) and Experience Platform (XP) 10.4 by injecting a malicious Base64-encoded BinaryFormatter payload into an HTTP header. Module Options msf use exploit/windows/http/sitecorexpcve202527218 msf...
Gamaredon campaign abuses LNK files to distribute Remcos backdoor
Cisco Talos is actively tracking an ongoing campaign targeting users in Ukraine with malicious LNK files, which run a PowerShell downloader, since at least November 2024. The file names use Russian words related to the movement of troops in Ukraine as a lure. The PowerShell downloader contacts...
APT36 Spoofs India Post Website to Infect Windows and Android Users with Malware
An advanced persistent threat (APT) group with ties to Pakistan has been attributed to the creation of a fake website masquerading as India's public sector postal system as part of a campaign designed to infect both Windows and Android users in the country. Cybersecurity company CYFIRMA has...
Exploit for CVE-2025-29927
Testing script for CVE-2025-29927 Provided by CyberMaxx. CV...
PVS Configuration Wizard Error: Insufficient Privileges
When creating a new PVS farm by running configuration wizard, and selecting option to register the PVS server with a CVAD farm, configuration wizard returns an error: The current user needs to be a Machine catalog Administrator or higher on the Citrix Virtual Desktops Controller at "servername"...
Enabling WPF Rendering for Citrix HDX on Multi-Session VDAs
Overview: Windows Presentation Foundation (WPF) applications can leverage GPU acceleration in Citrix Virtual Apps and Desktops (CVAD) environments running Windows Multi-session OS. Enabling WPF rendering on the server’s GPU reduces CPU load and improves graphics performance for WPF...
VSCode Marketplace Removes Two Extensions Deploying Early-Stage Ransomware
Cybersecurity researchers have uncovered two malicious extensions in the Visual Studio Code (VSCode) Marketplace that are designed to deploy ransomware that's under development to its users. The extensions, named "ahban.shiba" and "ahban.cychelloworld," have since been taken down by the marketplace...
ClearFake Infects 9,300 Sites, Uses Fake reCAPTCHA and Turnstile to Spread Info-Stealers
The threat actors behind the ClearFake campaign are using fake reCAPTCHA or Cloudflare Turnstile verifications as lures to trick users into downloading malware such as Lumma Stealer and Vidar Stealer. ClearFake, first highlighted in July 2023, is the name given to a threat activity cluster that...
Arcane stealer: We want all your data
At the end of 2024, we discovered a new stealer distributed via YouTube videos promoting game cheats. What's intriguing about this malware is how much it collects. It grabs account information from VPN and gaming clients, and all kinds of network utilities like ngrok, Playit, Cyberduck, FileZilla...
Exploit for Out-of-bounds Write in Gibbonedu Gibbon
CVE-2023-45878 Wrote this script based on the work of https:/...
New MassJacker Malware Targets Piracy Users, Hijacking Cryptocurrency Transactions
Users searching for pirated software are the target of a new malware campaign that delivers a previously undocumented clipper malware called MassJacker, according to findings from CyberArk. Clipper malware is a type of cryware (as coined by Microsoft) that's designed to monitor a victim's clipboard...
FIN7, FIN8, and Others Use Ragnar Loader for Persistent Access and Ransomware Operations
Threat hunters have shed light on a "sophisticated and evolving malware toolkit" called Ragnar Loader that's used by various cybercrime and ransomware groups like Ragnar Locker (aka Monstrous Mantis), FIN7, FIN8, and Ruthless Mantis (ex-REvil). "Ragnar Loader plays a key role in keeping access to...
Over 4,000 ISP IPs Targeted in Brute-Force Attacks to Deploy Info Stealers and Cryptominers
Internet service providers (ISPs) in China and the West Coast of the United States have become the target of a mass exploitation campaign that deploys information stealers and cryptocurrency miners on compromised hosts. The findings come from the Splunk Threat Research Team, which said the activity...