Lucene search
+L

123 matches found

Securelist
Securelist
added yesterday9 views

HelloNet campaign — new malicious modules launched through the ViPNet update system

UPD 16.07.2026: Added rules to protect companies using our SIEM system Kaspersky SIEM, and listed events for developing custom detection rules or conducting Threat hunting. UPD 16.07.2026: Added detection of the malicious activity using Kaspersky Managed Detection and Response. UPD 16.07.2026:...

6.5AI score
Exploits0
The Hacker News
The Hacker News
added 2026/07/06 10:58 a.m.16 views

Suspected China-Nexus Hackers Use Fake Indian Tax Filing Utility to Deploy DcRAT

A suspected China-nexus threat activity cluster has been observed targeting Indian taxpayers, tax professionals, and corporate finance teams to deliver a remote access trojan designed to steal sensitive data from compromised hosts. The multi-stage campaign, codenamed Operation DragonReturn by...

6.2AI score
Exploits0
Securelist
Securelist
added 2026/07/01 10:0 a.m.25 views

The SOC Files: ScreenConnect masked as freeware. An inside look at a large-scale campaign

UPD 03.07.2026: added a package of rules and recommendations that help detect the described malicious activity for companies using our Kaspersky SIEM system. Introduction To access compromised systems, threat actors frequently abuse legitimate remote monitoring tools. At first glance, these...

6.1AI score
Exploits0
HackRead
HackRead
added 2026/04/22 1:57 p.m.11 views

Mustang Panda Hits India and S. Korea with Updated LOTUSLITE Backdoor

Acronis reveals Mustang Panda is using an updated version of LOTUSLITE backdoor to target Indian banks and Korean diplomats. Learn how this DLL sideloading attack works...

5.7AI score
Exploits0
HackRead
HackRead
added 2026/04/15 8:59 p.m.9 views

Fake Claude AI Installer Targets Windows Users with PlugX Malware

Fake Claude AI installer mimicking Anthropic spreads PlugX malware on Windows, using DLL sideloading to gain persistent remote access to infected systems...

5.8AI score
Exploits0
GithubExploit
GithubExploit
added 2026/04/14 12:45 p.m.102 views

Windows-privilege-exploits

Elevation !Windowshttps://img.shields.io/badge/platform-Wi...

5.8AI score
Exploits0
Securelist
Securelist
added 2026/04/13 9:0 a.m.30 views

JanelaRAT: a financial threat targeting users in Latin America

Background JanelaRAT is a malware family that takes its name from the Portuguese word "janela" which means "window". JanelaRAT looks for financial and cryptocurrency data from specific banks and financial institutions in the Latin America region. JanelaRAT is a modified variant of BX RAT that has...

6.1AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/31 6:28 p.m.6 views

Android Developer Verification Rollout Begins Ahead of September Enforcement

Google on Monday said it's officially rolling out Android developer verification to all developers to combat the problem of bad actors distributing harmful apps while "hiding behind anonymity." The development comes ahead of a planned verification mandate that goes into effect in Brazil, Indonesi...

5.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/03/30 7:1 a.m.18 views

A week in security (March 23 – March 29)

Last week on Malwarebytes Labs: Criminals are renting virtual phones to bypass bank security Bogus Avast website fakes virus scan, installs Venom Stealer instead Infiniti Stealer: a new macOS infostealer using ClickFix and Python/Nuitka GlassWorm attack installs fake browser extension for...

5.9AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/03/26 3:0 p.m.12 views

CVE-2026-33156

ScreenToGif is a screen recording tool. In versions from 2.42.1 and prior, ScreenToGif is vulnerable to DLL sideloading via version.dll . When the portable executable is run from a user-writable directory, it loads version.dll from the application directory instead of the Windows System32...

7.8CVSS6.4AI score0.00224EPSS
Exploits1References1
Malwarebytes
Malwarebytes
added 2026/03/23 12:42 p.m.10 views

Advanced Flow will make Android sideloading safer

Google has announced the introduction of Advanced Flow, designed to let Android users install apps from unverified developers more safely than before. This process is known as sideloading. It means installing an app on your device from somewhere other than the Google Play store, usually by...

5.8AI score
Exploits0
NVD
NVD
added 2026/03/20 9:17 p.m.3 views

CVE-2026-33156

ScreenToGif is a screen recording tool. In versions from 2.42.1 and prior, ScreenToGif is vulnerable to DLL sideloading via version.dll . When the portable executable is run from a user-writable directory, it loads version.dll from the application directory instead of the Windows System32...

7.8CVSS0.00224EPSS
Exploits1References1
CVE
CVE
added 2026/03/20 8:29 p.m.16 views

CVE-2026-33156

CVE-2026-33156 affects ScreenToGif (portable versions up to 2.42.1). The flaw is DLL sideloading through version.dll: when run from a user-writable directory, the executable loads version.dll from its own directory instead of Windows System32, enabling arbitrary code execution in the user’s conte...

7.8CVSS6.4AI score0.00224EPSS
Exploits1References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/20 8:29 p.m.8 views

CVE-2026-33156

ScreenToGif is a screen recording tool. In versions from 2.42.1 and prior, ScreenToGif is vulnerable to DLL sideloading via version.dll . When the portable executable is run from a user-writable directory, it loads version.dll from the application directory instead of the Windows System32...

7.8CVSS6.4AI score0.00224EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/03/20 8:29 p.m.26 views

CVE-2026-33156 DLL Sideloading in ScreenToGif

ScreenToGif is a screen recording tool. In versions from 2.42.1 and prior, ScreenToGif is vulnerable to DLL sideloading via version.dll . When the portable executable is run from a user-writable directory, it loads version.dll from the application directory instead of the Windows System32...

7.8CVSS0.00224EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/20 8:29 p.m.5 views

EUVD-2026-13793

ScreenToGif is a screen recording tool. In versions from 2.42.1 and prior, ScreenToGif is vulnerable to DLL sideloading via version.dll . When the portable executable is run from a user-writable directory, it loads version.dll from the application directory instead of the Windows System32...

7.8CVSS6.4AI score0.00224EPSS
Exploits1References1
OSV
OSV
added 2026/03/20 8:29 p.m.5 views

CVE-2026-33156 DLL Sideloading in ScreenToGif

ScreenToGif is a screen recording tool. In versions from 2.42.1 and prior, ScreenToGif is vulnerable to DLL sideloading via version.dll . When the portable executable is run from a user-writable directory, it loads version.dll from the application directory instead of the Windows System32...

7.8CVSS6.4AI score0.00224EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/03/20 8:29 p.m.3 views

CVE-2026-33156 DLL Sideloading in ScreenToGif

ScreenToGif is a screen recording tool. In versions from 2.42.1 and prior, ScreenToGif is vulnerable to DLL sideloading via version.dll . When the portable executable is run from a user-writable directory, it loads version.dll from the application directory instead of the Windows System32...

7.8CVSS6.4AI score0.00224EPSS
Exploits1References1
The Hacker News
The Hacker News
added 2026/03/20 10:57 a.m.11 views

Google Adds 24-Hour Wait for Unverified App Sideloading to Reduce Malware and Scams

Google on Thursday announced a new "advanced flow" for Android sideloading that requires a mandatory 24-hour wait period to install apps from unverified developers in an attempt to balance openness with safety. The new changes come against the backdrop of a developer verification mandate the tech...

5.8AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/03/20 12:0 a.m.8 views

PT-2026-26676

ScreenToGif is a screen recording tool. In versions from 2.42.1 and prior, ScreenToGif is vulnerable to DLL sideloading via version.dll . When the portable executable is run from a user-writable directory, it loads version.dll from the application directory instead of the Windows System32...

7.8CVSS6.4AI score0.00224EPSS
Exploits1References4
Rows per page
Query Builder