Cross‑tenant helpdesk impersonation to data exfiltration: A human-operated intrusion playbook

In this article 1. Risk to enterprise environments 2. Attack chain overview 1. Stage 1: Initial contact via Teams T1566.003 Spearphishing via Service 2. Stage 2: Remote assistance foothold 3. Stage 3: Interactive reconnaissance and access validation 4. Stage 4: Payload placement and trusted...

CVE-2025-47319

Information disclosure while exposing internal TA-to-TA communication APIs to HLOS...

CVE-2025-47319 Exposure of Sensitive System Information to an Unauthorized Control Sphere in HLOS

Information disclosure while exposing internal TA-to-TA communication APIs to HLOS...

CVE-2025-47319 Exposure of Sensitive System Information to an Unauthorized Control Sphere in HLOS

Information disclosure while exposing internal TA-to-TA communication APIs to HLOS...

Application Containment: How to Use Ringfencing to Prevent the Weaponization of Trusted Software

The challenge facing security leaders is monumental: Securing environments where failure is not an option. Reliance on traditional security postures, such as Endpoint Detection and Response EDR to chase threats after they have already entered the network, is fundamentally risky and contributes...

EUVD-2020-5209

Malware in sbrugna...

EUVD-2021-21033

Malware in sbrugna...

EUVD-2019-5380

Malware in sbrugna...

EUVD-2020-3532

Malware in sbrugna...

EUVD-2017-9426

Malware in sbrugna...

EUVD-2021-7373

Malicious code in bioql PyPI...

EUVD-2022-50310

Malicious code in bioql PyPI...

Qualcomm Trusted Application Emulation for Fuzzing Testing

In recent years, the increasing awareness of cybersecurity has led to a heightened focus on information security within hardware devices and products. Incorporating Trusted Execution Environments TEEs into product designs has become a standard practice for safeguarding sensitive user information...

CVE-2025-21432

CVE-2025-21432 concerns memory corruption while retrieving CBOR data from TA in Qualcomm closed‑source components. The CVSS 3.1 vector indicates LOCAL access with LOW privileges and LOW attack complexity, but HIGH impact across confidentiality, integrity, and availability, yielding a base score o...

CVE-2025-46733

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. In version 4.5.0, using a specially crafted tee-supplicant binary running in REE userspace, an attacker can trigger a panic in a TA that...

CVE-2025-46733

OP-TEE 4.5.0 is vulnerable to a local, REE userland attack where a malicious tee-supplicant can craft Secure Storage API responses to cause panics in TAs using libutee. The flaw arises because return codes from secure storage operations are unsafely passed from the REE tee-supplicant, through the...

PT-2025-50081

Name of the Vulnerable Software and Affected Versions Qualcomm embedded platform firmware affected versions not specified Description An issue exists in Qualcomm embedded platform firmware related to the disclosure of system data to a controlled area. Exploitation of this issue may allow an...

CVE-2020-11178

Trusted APPS to overwrite the CPZ memory of another use-case as TZ only checks the physical address not overlapping with its memory and its RoT memory in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon...

CVE-2019-14130

Memory corruption can occurs in trusted application if offset size from HLOS is more than actual mapped buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in Kamorta, QCS404, Rennell, SC7180, SDX55, SM6150, SM7150, SM8250, SXR2130...

PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit

BYOSI - Bring-Your-Own-Script-Interpreter - Leveraging the abuse of trusted applications, one is able to deliver a compatible script interpreter for a Windows, Mac, or Linux system as well as malicious source code in the form of the specific script interpreter of choice. Once both the malicious...