CVE-2026-28800

Natro Macro is an open-source Bee Swarm Simulator macro written in AutoHotkey. Prior to version 1.1.0, anyone with Discord Remote Control set up in a non-private channel gives access to any user with the permission to send message in said channel access to do anything on their computer. This...

CVE-2026-28801

Natro Macro is an open-source Bee Swarm Simulator macro written in AutoHotkey. Prior to version 1.1.0, any ahk code contained inside of a pattern or path file is executed by the macro. Since users commonly share path/pattern files, an attacker could share a file containing malicious code, which i...

CVE-2026-28801

Natro Macro is an open-source Bee Swarm Simulator macro written in AutoHotkey. Prior to version 1.1.0, any ahk code contained inside of a pattern or path file is executed by the macro. Since users commonly share path/pattern files, an attacker could share a file containing malicious code, which i...

CVE-2026-28801

Summary of CVE-2026-28801 : Natro Macro (AutoHotkey-based macro for Bee Swarm Simulator) prior to version 1.1.0 executes any AHK code found inside pattern or path files. The root cause is code execution from shared pattern/path files, allowing an attacker to embed malicious code that runs with th...

CVE-2026-28801 Natro Macro: Code Injection through Pattern/Path files

Natro Macro is an open-source Bee Swarm Simulator macro written in AutoHotkey. Prior to version 1.1.0, any ahk code contained inside of a pattern or path file is executed by the macro. Since users commonly share path/pattern files, an attacker could share a file containing malicious code, which i...

CVE-2026-28800

Natro Macro is an open-source Bee Swarm Simulator macro written in AutoHotkey. Prior to version 1.1.0, anyone with Discord Remote Control set up in a non-private channel gives access to any user with the permission to send message in said channel access to do anything on their computer. This...

EUVD-2026-10007

Natro Macro is an open-source Bee Swarm Simulator macro written in AutoHotkey. Prior to version 1.1.0, anyone with Discord Remote Control set up in a non-private channel gives access to any user with the permission to send message in said channel access to do anything on their computer. This...

PT-2026-23654

Natro Macro is an open-source Bee Swarm Simulator macro written in AutoHotkey. Prior to version 1.1.0, any ahk code contained inside of a pattern or path file is executed by the macro. Since users commonly share path/pattern files, an attacker could share a file containing malicious code, which i...

PT-2026-23653

Natro Macro is an open-source Bee Swarm Simulator macro written in AutoHotkey. Prior to version 1.1.0, anyone with Discord Remote Control set up in a non-private channel gives access to any user with the permission to send message in said channel access to do anything on their computer. This...

NatroMacro 代码注入漏洞

NatroMacro is an automated script tool for games, open-sourced by the Natro Team. Versions of NatroMacro prior to 1.1.0 contained a code injection vulnerability. This vulnerability stemmed from any ahk code in the execution mode or path files, allowing attackers to share files containing maliciou...

EUVD-2020-10101

Malware in sbrugna...

CVE-2020-18174

A process injection vulnerability in setup.exe of AutoHotkey 1.1.32.00 allows attackers to escalate privileges...

DarkGate Malware Exploits Samba File Shares in Short-Lived Campaign

Cybersecurity researchers have shed light on a short-lived DarkGate malware campaign that leveraged Samba file shares to initiate the infections. Palo Alto Networks Unit 42 said the activity spanned the months of March and April 2024, with the infection chains using servers running public-facing...

DarkGate switches up its tactics with new payload, email templates

This post was authored by Kalpesh Mantri. Cisco Talos is actively tracking a recent increase in activity from malicious email campaigns containing a suspicious Microsoft Excel attachment that, when opened, infected the victims system with the DarkGate malware. These campaigns, active since the...

DarkGate Malware Replaces AutoIt with AutoHotkey in Latest Cyber Attacks

Cyber attacks involving the DarkGate malware-as-a-service MaaS operation have shifted away from AutoIt scripts to an AutoHotkey mechanism to deliver the last stages, underscoring continued efforts on the part of the threat actors to continuously stay ahead of the detection curve. The updates have...

DarkGate again but... Improved?

DarkGate again but... Improved? By Ernesto Fernández Provecho · June 3, 2024 Executive summary During 2023, DarkGate made a comeback with a version full of new features, becoming one of the most preferred Remote Access Trojans RATs by malicious actors. However, this momentum also required...

HotRat: New Variant of AsyncRAT Malware Spreading Through Pirated Software

A new variant of AsyncRAT malware dubbed HotRat is being distributed via free, pirated versions of popular software and utilities such as video games, image and sound editing software, and Microsoft Office. "HotRat malware equips attackers with a wide array of capabilities, such as stealing login...

Iranian OilRig Group Strikes with AutoHotkey Keylogger and Malicious Macro

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary In a recent intrusion, a threat actor utilized AutoHotkey to launch a keylogger. The Iranian OilRig group is suspected to be the culprit behind this attack. The initial compromise was initiated with a...

Researchers Uncover New Variants of the ChromeLoader Browser Hijacking Malware

Cybersecurity researchers have uncovered new variants of the ChromeLoader information-stealing malware, highlighting its evolving feature set in a short span of time. Primarily used for hijacking victims' browser searches and presenting advertisements, ChromeLoader came to light in January 2022 a...

CVE-2020-18174

A process injection vulnerability in setup.exe of AutoHotkey 1.1.32.00 allows attackers to escalate privileges...