201 matches found

OSSF Malicious Packages
added 2025/07/17 7:19 p.m. | 3 views

Malicious code in avatar-handler (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c3750cf8fac7fc22334d1fb416e7f3af691425c669829dcc9857abdc1384bbb7 Code pretending to handle downloading an image, but in fact is prepared to download and execute a PowerShell script image properties. No known usage ---...

AI score: 7.2
Exploits: 0 | References: 1

Exploit DB
added 2025/07/16 12:0 a.m. | 415 views

Microsoft Graphics Component Windows 11 Pro (Build 26100+) - Local Elevation of Privileges

Exploit Title : Microsoft Graphics Component Windows 11 Pro Build 26100+ - Local Elevation of Privileges Author: nu11secur1ty Date: 07/11/2025 --- Overview This repository contains a PowerShell script to validate whether a Windows 11 system is vulnerable to CVE-2025-49744—a critical local privile...

CVSS: 7 | AI score: 7.4 | EPSS: 0.02921
Exploits: 1

OSV
added 2025/06/29 4:56 p.m. | 1 views

MAL-2025-191748 Malicious code in hancsv (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 bb3fdca931bea8323cd7a8c2578f6d0c0594b3ea1b30df1819830168fe90983b Importing the module triggers downloading and executing a PowerShell script. The script collects information about the host including e.g. startup applications a...

AI score: 6.9
Exploits: 0 | References: 3

The Hacker News
added 2025/05/30 2:14 p.m. | 42 views

New EDDIESTEALER Malware Bypasses Chrome's App-Bound Encryption to Steal Browser Data

A new malware campaign is distributing a novel Rust-based information stealer dubbed EDDIESTEALER using the popular ClickFix social engineering tactic initiated via fake CAPTCHA verification pages. "This campaign leverages deceptive CAPTCHA verification pages that trick users into executing a...

AI score: 7.2
Exploits: 0

The Hacker News
added 2025/04/18 12:3 p.m. | 37 views

Multi-Stage Malware Attack Uses .JSE and PowerShell to Deploy Agent Tesla and XLoader

A new multi-stage attack has been observed delivering malware families like Agent Tesla variants, Remcos RAT, and XLoader. "Attackers increasingly rely on such complex delivery mechanisms to evade detection, bypass traditional sandboxes, and ensure successful payload delivery and execution," Palo...

CVSS: 7.8 | AI score: 7.6 | EPSS: 0.91507
Exploits: 11

Veeam
added 2025/04/09 12:0 a.m. | 8 views

Log Files Associated With Deleted Jobs or Tenants Are Not Automatically Deleted

Challenge The diagnostic log files created by Veeam Backup & Replication / Veeam Cloud Connect that are associated with a deleted or disabled job, repository, or tenant are not automatically removed and remain on disk taking up space. Cause This is expected behavior as log file management only...

AI score: 6.9
Exploits: 0

The Hacker News
added 2025/04/08 10:12 a.m. | 65 views

UAC-0226 Deploys GIFTEDCROOK Stealer via Malicious Excel Files Targeting Ukraine

The Computer Emergency Response Team of Ukraine (CERT-UA) has revealed a new set of cyber attacks targeting Ukrainian institutions with information-stealing malware. The activity is aimed at military formations, law enforcement agencies, and local self-government bodies, particularly those located...

AI score: 7.1
Exploits: 0

Positive Technologies
added 2025/04/06 12:0 a.m. | 4 views

PT-2025-15093

Name of the Vulnerable Software and Affected Versions AnyDesk affected versions not specified Description The issue concerns a remote code execution (RCE) exploit. Technical details include the use of a vxproj file, conversion to vbs and then to ps1 PowerShell script, and involvement of an asar fil...

CVSS: 2.7 | AI score: 7.1 | EPSS: 0.00009
Exploits: 2 | References: 18

The Hacker News
added 2025/04/04 4:54 a.m. | 14 views

CERT-UA Reports Cyberattacks Targeting Ukrainian State Systems with WRECKSTEEL Malware

The Computer Emergency Response Team of Ukraine (CERT-UA) has revealed that no less than three cyber attacks were recorded against state administration bodies and critical infrastructure facilities in the country with an aim to steal sensitive data. The campaign, the agency said, involved the use o...

AI score: 7.3
Exploits: 0

GithubExploit
added 2025/03/25 11:39 a.m. | 158 views

Exploit for CVE-2025-29927

Testing script for CVE-2025-29927 Provided by CyberMaxx. CV...

CVSS: 9.1 | AI score: 8.1 | EPSS: 0.92118
Exploits: 55

GithubExploit
added 2025/03/25 11:39 a.m. | 225 views

Exploit for CVE-2025-29927

Testing script for CVE-2025-29927 Provided by CyberMaxx. CV...

CVSS: 9.1 | AI score: 8.1 | EPSS: 0.92118
Exploits: 55

Citrix
added 2025/03/25 12:0 a.m. | 15 views

Enabling WPF Rendering for Citrix HDX on Multi-Session VDAs

Overview Windows Presentation Foundation (WPF) applications can leverage GPU acceleration in Citrix Virtual Apps and Desktops (CVAD) environments running Windows Multi-session OS. By enabling WPF rendering on the server’s GPU, this reduces CPU load and improves graphics performance for WPF...

AI score: 7
Exploits: 0

The Hacker News
added 2025/03/14 6:8 a.m. | 16 views

New MassJacker Malware Targets Piracy Users, Hijacking Cryptocurrency Transactions

Users searching for pirated software are the target of a new malware campaign that delivers a previously undocumented clipper malware called MassJacker, according to findings from CyberArk. Clipper malware is a type of cryware (as coined by Microsoft) that's designed to monitor a victim's clipboard...

AI score: 7.5
Exploits: 0

The Hacker News
added 2025/03/03 2:0 p.m. | 17 views

Hackers Use ClickFix Trick to Deploy PowerShell-Based Havoc C2 via SharePoint Sites

Cybersecurity researchers are calling attention to a new phishing campaign that employs the ClickFix technique to deliver an open-source command-and-control (C2) framework called Havoc. "The threat actor hides each malware stage behind a SharePoint site and uses a modified version of Havoc Demon in...

AI score: 7.1
Exploits: 0

The Hacker News
added 2025/01/27 7:16 a.m. | 22 views

MintsLoader Delivers StealC Malware and BOINC in Targeted Cyber Attacks

Threat hunters have detailed an ongoing campaign that leverages a malware loader called MintsLoader to distribute secondary payloads such as the StealC information stealer and a legitimate open-source network computing platform called BOINC. "MintsLoader is a PowerShell based malware loader that...

AI score: 7.5
Exploits: 0

The Hacker News
added 2025/01/16 11:15 a.m. | 20 views

Hackers Hide Malware in Images to Deploy VIP Keylogger and 0bj3ctivity Stealer

Threat actors have been observed concealing malicious code in images to deliver malware such as VIP Keylogger and 0bj3ctivity Stealer as part of separate campaigns. "In both campaigns, attackers hid malicious code in images they uploaded to archive.org, a file-hosting website, and used the same...

CVSS: 7.8 | AI score: 8.1 | EPSS: 0.94354
Exploits: 33

Citrix
added 2024/12/21 12:0 a.m. | 11 views

Start menu may stop responding if December 2024 or newer security updates installed on Windows 11

Start menu within a Windows 11 VDI session may not respond for some users after installing Microsoft's December 2024 or newer security updates TPV-6122 Solution This issue is fixed in the Citrix Virtual Apps and Desktops 7 2503 and newer versions. If users are using LTSR or older versions of Citr...

AI score: 6.9
Exploits: 0

Talos Blog
added 2024/11/07 11:0 a.m. | 15 views

Unwrapping the emerging Interlock ransomware attack

Cisco Talos Incident Response (Talos IR) recently observed an attacker conducting big-game hunting and double extortion attacks using the relatively new Interlock ransomware. Our analysis uncovered that the attacker used multiple components in the delivery chain including a Remote Access Tool (RAT)...

AI score: 7.8
Exploits: 0

Trellix
added 2024/11/07 12:0 a.m. | 7 views

New Stealer Uses Invalid Cert To Compromise Systems

New Stealer Uses Invalid Cert To Compromise Systems By Mohinder Gill, Mallikarjun Wali and Sangram Mohapatro · November 07, 2024 A new Stealer has been making the rounds. Its name: Fickle. Fickle Stealer is a new Rust-based information stealer that spreads through various attack vectors, includin...

AI score: 7.2
Exploits: 0

The Hacker News
added 2024/10/15 6:43 a.m. | 15 views

Researchers Uncover Hijack Loader Malware Using Stolen Code-Signing Certificates

Cybersecurity researchers have disclosed a new malware campaign that delivers Hijack Loader artifacts that are signed with legitimate code-signing certificates. French cybersecurity company HarfangLab, which detected the activity at the start of the month, said the attack chains aim to deploy an...

AI score: 7.3
Exploits: 0