Critical Unpatched SharePoint Zero-Day Actively Exploited, Breaches 75+ Company Servers

A critical security vulnerability in Microsoft SharePoint Server has been weaponized as part of an "active, large-scale" exploitation campaign. The zero-day flaw, tracked as CVE-2025-53770 CVSS score: 9.8, has been described as a variant of CVE-2025-49704 CVSS score: 8.8, a code injection and...

Stopping attacks against on-premises Exchange Server and SharePoint Server with AMSI

Exchange Server and SharePoint Server are business-critical assets and considered crown jewels for many organizations, making them attractive targets for attacks. To help customers protect their environments and respond to these attacks, Exchange Server and SharePoint Server now integrate with th...

The vulnerability of the jscript9legacy.dll library in the Antimalware Scan Interface (AMSI) component of Microsoft Windows operating systems allows a malicious actor to circumvent security restrictions.

The vulnerability of the jscript9legacy.dll library in the Antimalware Scan Interface AMSI component of Microsoft Windows operating systems is related to a flaw in the data protection mechanism. Exploiting this vulnerability could allow an attacker to circumvent security restrictions...

JAVS Courtroom Recording Software Backdoored - Deploys RustDoor Malware

Malicious actors have backdoored the installer associated with courtroom video recording software developed by Justice AV Solutions JAVS to deliver malware that's associated with a known implant called RustDoor. The software supply chain attack, tracked as CVE-2024-4978 CVSS score: 8.7, impacts...

Encrypted & Fileless Malware Sees Big Growth

A full 91.5 percent of malware was delivered using HTTPS-encrypted connections in the second quarter, researchers said, making attacks more evasive. That’s according to WatchGuard Technologies’ latest report on findings within its telemetry, which also found that these detections come primarily...

The vulnerability of the AMSI component of the McAfee Endpoint Security protection software allows a hacker to disable Endpoint Security.

The vulnerability of the AMSI component of the McAfee Endpoint Security protection software is related to the execution of operations beyond the buffer in memory. Exploiting this vulnerability could allow an attacker to disable Endpoint Security...

XLM + AMSI: New runtime defense against Excel 4.0 macro malware

We have recently expanded the integration of Antimalware Scan Interface AMSI with Office 365 to include the runtime scanning of Excel 4.0 XLM macros, to help antivirus solutions tackle the increase in attacks that use malicious XLM macros. This integration, an example of the many security feature...

Researchers Unmask Hackers Behind APOMacroSploit Malware Builder

Cybersecurity researchers have disclosed a new kind of Office malware distributed as part of a malicious email campaign that targeted more than 80 customers worldwide in an attempt to control victim machines and steal information remotely. The tool — dubbed "APOMacroSploit" — is a macro exploit...

CVE-2020-7261

Buffer Overflow via Environment Variables vulnerability in AMSI component in McAfee Endpoint Security ENS Prior to 10.7.0 February 2020 Update allows local users to disable Endpoint Security via a carefully crafted user input...

Improved Fallout EK comes back after short hiatus

Edit 2019-01-24 Fallout EK introduces a new dropper to facilitate the final payload retrieval. This update replaces the plain MZ we saw for a little while. -- After a short hiatus in early January, the Fallout exploit kit is back in business again with some new features for the new year. During i...

Windows Defender ATP machine learning and AMSI: Unearthing script-based attacks that ‘live off the land’

Scripts are becoming the weapon of choice of sophisticated activity groups responsible for targeted attacks as well as malware authors who indiscriminately deploy commodity threats. Scripting engines such as JavaScript, VBScript, and PowerShell offer tremendous benefits to attackers. They run...

Windows Defender ATP machine learning and AMSI: Unearthing script-based attacks that ‘live off the land’

Scripts are becoming the weapon of choice of sophisticated activity groups responsible for targeted attacks as well as malware authors who indiscriminately deploy commodity threats. Scripting engines such as JavaScript, VBScript, and PowerShell offer tremendous benefits to attackers. They run...