21 matches found
MAL-2026-5615 Malicious code in sysau (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4b2cf08a271605de33b2c202bb8a5a6689251e9a4711a628a88c57ebf0ec4f07 On install/load, index.js auto-runs a bootstrap that silently installs Python 3.12 via winget, falling back to a /quiet curl of python-3.12.3-amd64.e...
MAL-2026-5617 Malicious code in sysnu (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eac9873e59ffdf79c56fd4f9366b56e0532f87dc00c4380fae18d714785b0bc8 On require / CLI invocation, sysnu performs two install-time-equivalent actions on Windows hosts. First, if python is not on PATH, index.js lines 42-...
CVE-2026-45597
Concurrent execution using shared resource with improper synchronization 'race condition' in UI Automation Manager uiamanager.dll allows an authorized attacker to elevate privileges locally...
CVE-2026-45597
Concurrent execution using shared resource with improper synchronization 'race condition' in UI Automation Manager uiamanager.dll allows an authorized attacker to elevate privileges locally...
CVE-2026-45597 Windows UI Automation Manager (uiamanager.dll) Elevation of Privilege Vulnerability
...
EUVD-2026-35555
Concurrent execution using shared resource with improper synchronization 'race condition' in UI Automation Manager uiamanager.dll allows an authorized attacker to elevate privileges locally...
CVE-2026-45597 Windows UI Automation Manager (uiamanager.dll) Elevation of Privilege Vulnerability
...
CVE-2026-45597
The CVE-2026-45597 issue affects Windows UI Automation Manager (uiamanager.dll). A race condition arises from concurrent execution with improper synchronization on a shared resource, enabling a local, authorized attacker to elevate privileges. Documents confirm the vulnerability type and impact (...
Windows UI Automation Manager (uiamanager.dll) Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization 'race condition' in UI Automation Manager uiamanager.dll allows an authorized attacker to elevate privileges locally...
PT-2026-47986
Concurrent execution using shared resource with improper synchronization 'race condition' in UI Automation Manager uiamanager.dll allows an authorized attacker to elevate privileges locally...
MAL-2026-4678 Malicious code in sysnode (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b1f5d271eb72dffa8868b2701aeb4aa7799ee9d7294f342e14682b6675114077 Package self-describes as a 'System binary configuration tool' but on invocation CLI/bin entry or require it silently bootstraps a full surveillance...
Malicious code in sysnode (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b1f5d271eb72dffa8868b2701aeb4aa7799ee9d7294f342e14682b6675114077 Package self-describes as a 'System binary configuration tool' but on invocation CLI/bin entry or require it silently bootstraps a full surveillance...
PromptSpy Android Malware Abuses Gemini AI to Automate Recent-Apps Persistence
Cybersecurity researchers have discovered what they say is the first Android malware that abuses Gemini, Google's generative artificial intelligence AI chatbot, as part of its execution flow and achieves persistence. The malware has been codenamed PromptSpy by ESET. The malware is equipped to...
wechat-monitor-poc
WeChat Message Monitoring PoC Project Project Description...
New Coyote Malware Variant Exploits Windows UI Automation to Steal Banking Credentials
The Windows banking trojan known as Coyote has become the first known malware strain to exploit the Windows accessibility framework calledUI AutomationUIA to harvest sensitive information. "The new Coyote variant is targeting Brazilian users, and uses UIA to extract credentials linked to 75 banki...
Coyote Trojan First to Use Microsoft UI Automation in Bank Attacks
Coyote Trojan becomes first malware to abuse Microsoft’s UI Automation in real attacks, targeting banks and crypto platforms with stealthy tactics...
New Malware Technique Could Exploit Windows UI Framework to Evade EDR Tools
A newly devised technique leverages a Windows accessibility framework called UI Automation UIA to perform a wide range of malicious activities without tipping off endpoint detection and response EDR solutions. "To exploit this technique, a user must be convinced to run a program that uses UI...
Teaching an Old Framework New Tricks: The Dangers of Windows UI Automation
...
Teaching an Old Framework New Tricks: The Dangers of Windows UI Automation
...
November 14, 2023—KB5032198 (OS Build 20348.2113)
November 14, 2023—KB5032198 OS Build 20348.2113 For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows Server 2022, see its update history page. Note Follow @WindowsUpdate to find out wh...