122 matches found
New Dohdoor malware campaign targets education and health care
Cisco Talos discovered an ongoing malicious campaign since at least as early as December 2025 by a threat actor we track as "UAT-10027," delivering a previously undisclosed backdoor dubbed "Dohdoor." Dohdoor utilizes the DNS-over-HTTPS DoH technique for command-and-control C2 communications and h...
Hackers Use LinkedIn Messages to Spread RAT Malware Through DLL Sideloading
Cybersecurity researchers have uncovered a new phishing campaign that exploits social media private messages to propagate malicious payloads, likely with the intent to deploy a remote access trojan RAT. The activity delivers "weaponized files via Dynamic Link Library DLL sideloading, combined wit...
Hiding in Plain Sight: Multi-Actor ahost.exe Attacks
Hiding in Plain Sight: Deconstructing the Multi-Actor DLL Sideloading Campaign abusing ahost.exe By Mallikarjun Wali and Mohideen Abdul Khader · January 14, 2026 Executive summary The Trellix Advanced Research Center has uncovered an active malware campaign that exploits a DLL sideloading...
CVE-2022-23748
mDNSResponder.exe is vulnerable to DLL Sideloading attack. Executable improperly specifies how to load the DLL, from which folder and under what conditions. In these scenarios, a malicious attacker could be using the valid and legitimate executable to load malicious files...
CVE-2021-31841
A DLL sideloading vulnerability in McAfee Agent for Windows prior to 5.7.4 could allow a local user to perform a DLL sideloading attack with an unsigned DLL with a specific name and in a specific location. This would result in the user gaining elevated permissions and the ability to execute...
CVE-2024-2451
Improper fingerprint validation in the TeamViewer Client Full & Host prior Version 15.54 for Windows and macOS allows an attacker with administrative user rights to further elevate privileges via executable sideloading...
Evasive Panda APT poisons DNS requests to deliver MgBot
Introduction The Evasive Panda APT group also known as Bronze Highland, Daggerfly, and StormBamboo has been active since 2012, targeting multiple industries with sophisticated, evolving tactics. Our latest research June 2025 reveals that the attackers conducted highly-targeted campaigns, which...
WIRTE Leverages AshenLoader Sideloading to Install the AshTag Espionage Backdoor
An advanced persistent threat APT known as WIRTE has been attributed to attacks targeting government and diplomatic entities across the Middle East with a previously undocumented malware suite dubbed AshTag since 2020. Palo Alto Networks Unit 42 is tracking the activity cluster under the name Ash...
📄 Microsoft Windows 11 build 10.0.22631.6199 Privilege Escalation
Microsoft Windows 11 build 10.0.22631.6199 proof of concept tool that implements a notorious local privilege escalation technique on Windows. The code implements a task scheduler/DLL sideloading attack to achieve UAC bypass / privilege escalation by forcing the trusted SilentCleanup task to load...
EUVD-2021-18716
Malware in sbrugna...
How we trained an ML model to detect DLL hijacking
DLL hijacking is a common technique in which attackers replace a library called by a legitimate process with a malicious one. It is used by both creators of mass-impact malware, like stealers and banking Trojans, and by APT and cybercrime groups behind targeted attacks. In recent years, the numbe...
EUVD-2023-28594
Malicious code in bioql PyPI...
EUVD-2023-54772
Malicious code in bioql PyPI...
EUVD-2023-25425
Malicious code in bioql PyPI...
EUVD-2022-25100
Malicious code in bioql PyPI...
EUVD-2024-27400
Malicious code in bioql PyPI...
Russian APT28 Deploys “NotDoor” Backdoor Through Microsoft Outlook
APT28 hackers deploy NotDoor backdoor via Microsoft Outlook macros, using OneDrive sideloading to steal data and evade detection...
Google to Verify All Android Developers in 4 Countries to Block Malicious Apps
Google has announced plans to begin verifying the identity of all developers who distribute apps on Android, even for those who distribute their software outside the Play Store. "Android will require all apps to be registered by verified developers in order to be installed by users on certified...
New Ransomware Charon Uses Earth Baxia APT Techniques to Target Enterprises
We uncovered Charon, a new ransomware strainfamily that uses advanced APT-style techniques, including DLL sideloading, process injection, and anti-EDR capabilities, to target organizations with customized ransom demands...
New Ransomware Charon Uses Earth Baxia APT Techniques To Target Enterprises
We uncovered Charon, a new ransomware strainfamily that uses advanced APT-style techniques, including DLL sideloading, process injection, and anti-EDR capabilities, to target organizations with customized ransom demands...