Lucene search
K

122 matches found

talosblog
talosblog
added 2026/02/26 11:0 a.m.15 views

New Dohdoor malware campaign targets education and health care

Cisco Talos discovered an ongoing malicious campaign since at least as early as December 2025 by a threat actor we track as "UAT-10027," delivering a previously undisclosed backdoor dubbed "Dohdoor." Dohdoor utilizes the DNS-over-HTTPS DoH technique for command-and-control C2 communications and h...

6.4AI score
Exploits0
thn
thn
added 2026/01/20 1:46 p.m.8 views

Hackers Use LinkedIn Messages to Spread RAT Malware Through DLL Sideloading

Cybersecurity researchers have uncovered a new phishing campaign that exploits social media private messages to propagate malicious payloads, likely with the intent to deploy a remote access trojan RAT. The activity delivers "weaponized files via Dynamic Link Library DLL sideloading, combined wit...

6.2AI score
Exploits0
trellix
trellix
added 2026/01/14 12:0 a.m.9 views

Hiding in Plain Sight: Multi-Actor ahost.exe Attacks

Hiding in Plain Sight: Deconstructing the Multi-Actor DLL Sideloading Campaign abusing ahost.exe By Mallikarjun Wali and Mohideen Abdul Khader · January 14, 2026 Executive summary The Trellix Advanced Research Center has uncovered an active malware campaign that exploits a DLL sideloading...

6AI score
Exploits0
redhatcve
redhatcve
added 2026/01/09 10:54 a.m.11 views

CVE-2022-23748

mDNSResponder.exe is vulnerable to DLL Sideloading attack. Executable improperly specifies how to load the DLL, from which folder and under what conditions. In these scenarios, a malicious attacker could be using the valid and legitimate executable to load malicious files...

7.8CVSS6.7AI score0.09092EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/01/09 8:50 a.m.13 views

CVE-2021-31841

A DLL sideloading vulnerability in McAfee Agent for Windows prior to 5.7.4 could allow a local user to perform a DLL sideloading attack with an unsigned DLL with a specific name and in a specific location. This would result in the user gaining elevated permissions and the ability to execute...

8.2CVSS7.5AI score0.00234EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/01/07 9:12 a.m.8 views

CVE-2024-2451

Improper fingerprint validation in the TeamViewer Client Full & Host prior Version 15.54 for Windows and macOS allows an attacker with administrative user rights to further elevate privileges via executable sideloading...

6.4CVSS6.9AI score0.00106EPSS
Exploits0References1
securelist
securelist
added 2025/12/24 7:0 a.m.12 views

Evasive Panda APT poisons DNS requests to deliver MgBot

Introduction The Evasive Panda APT group also known as Bronze Highland, Daggerfly, and StormBamboo has been active since 2012, targeting multiple industries with sophisticated, evolving tactics. Our latest research June 2025 reveals that the attackers conducted highly-targeted campaigns, which...

7.2AI score
Exploits0
thn
thn
added 2025/12/11 11:0 a.m.16 views

WIRTE Leverages AshenLoader Sideloading to Install the AshTag Espionage Backdoor

An advanced persistent threat APT known as WIRTE has been attributed to attacks targeting government and diplomatic entities across the Middle East with a previously undocumented malware suite dubbed AshTag since 2020. Palo Alto Networks Unit 42 is tracking the activity cluster under the name Ash...

7.1AI score
Exploits0
packetstorm
packetstorm
added 2025/12/03 12:0 a.m.282 views

📄 Microsoft Windows 11 build 10.0.22631.6199 Privilege Escalation

Microsoft Windows 11 build 10.0.22631.6199 proof of concept tool that implements a notorious local privilege escalation technique on Windows. The code implements a task scheduler/DLL sideloading attack to achieve UAC bypass / privilege escalation by forcing the trusted SilentCleanup task to load...

7.4AI score
Exploits0
euvd
euvd
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-18716

Malware in sbrugna...

8.2CVSS7.4AI score0.00234EPSS
Exploits0References2
securelist
securelist
added 2025/10/06 8:0 a.m.4 views

How we trained an ML model to detect DLL hijacking

DLL hijacking is a common technique in which attackers replace a library called by a legitimate process with a malicious one. It is used by both creators of mass-impact malware, like stealers and banking Trojans, and by APT and cybercrime groups behind targeted attacks. In recent years, the numbe...

6.7AI score
Exploits0
euvd
euvd
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-28594

Malicious code in bioql PyPI...

5.5CVSS5.8AI score0.00254EPSS
Exploits0References2
euvd
euvd
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-54772

Malicious code in bioql PyPI...

7.8CVSS7.7AI score0.00214EPSS
Exploits0References3
euvd
euvd
added 2025/10/03 8:7 p.m.9 views

EUVD-2023-25425

Malicious code in bioql PyPI...

7.8CVSS7.6AI score0.0009EPSS
Exploits0References2
euvd
euvd
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-25100

Malicious code in bioql PyPI...

8.2CVSS8.2AI score0.00348EPSS
Exploits0References1
euvd
euvd
added 2025/10/03 8:7 p.m.16 views

EUVD-2024-27400

Malicious code in bioql PyPI...

6.4CVSS6.4AI score0.00106EPSS
Exploits0References1
hackread
hackread
added 2025/09/04 9:44 p.m.7 views

Russian APT28 Deploys “NotDoor” Backdoor Through Microsoft Outlook

APT28 hackers deploy NotDoor backdoor via Microsoft Outlook macros, using OneDrive sideloading to steal data and evade detection...

7AI score
Exploits0
thn
thn
added 2025/08/26 6:27 a.m.4 views

Google to Verify All Android Developers in 4 Countries to Block Malicious Apps

Google has announced plans to begin verifying the identity of all developers who distribute apps on Android, even for those who distribute their software outside the Play Store. "Android will require all apps to be registered by verified developers in order to be installed by users on certified...

7.1AI score
Exploits0
trendmicroblog
trendmicroblog
added 2025/08/12 12:0 a.m.18 views

New Ransomware Charon Uses Earth Baxia APT Techniques to Target Enterprises

We uncovered Charon, a new ransomware strainfamily that uses advanced APT-style techniques, including DLL sideloading, process injection, and anti-EDR capabilities, to target organizations with customized ransom demands...

7.3AI score
Exploits0
trendmicroblog
trendmicroblog
added 2025/08/12 12:0 a.m.8 views

New Ransomware Charon Uses Earth Baxia APT Techniques To Target Enterprises

We uncovered Charon, a new ransomware strainfamily that uses advanced APT-style techniques, including DLL sideloading, process injection, and anti-EDR capabilities, to target organizations with customized ransom demands...

7.3AI score
Exploits0
Rows per page
Query Builder