1667 matches found
Exploit for Incorrect Default Permissions in Microsoft
This List is no longer updated. Awesome Red Teaming List of Awesome Red Team / Red Teaming Resources This list is for anyone wishing to learn about Red Teaming but do not have a starting point. Anyway, this is a living resources and will update regularly with latest Adversarial Tactics and...
CastleLoader Malware Infects 469 Devices Using Fake GitHub Repos and ClickFix Phishing
Cybersecurity researchers have shed light on a new versatile malware loader called CastleLoader that has been put to use in campaigns distributing various information stealers and remote access trojans RATs. The activity employs Cloudflare-themed ClickFix phishing attacks and fake GitHub...
From .pth to p0wned: Abuse of Pickle Files in AI Model Supply Chains
Executive summary Recent threat research highlights a growing risk in the Python and machine learning ML ecosystem: the exploitation of serialized model files, specifically those using Python’s pickle module. While commonly used for saving and loading ML models, pickle files can execute arbitrary...
YushuTechUnitreeGo1
Based on the provided code, it appears to be a Windows executable file PE file that has been modified to contain a malicious payload. The file is likely a malware dropper or a backdoor that allows remote access to the compromised system. The code is written in C and uses various techniques to eva...
Exploit for Incorrect Default Permissions in Forescout Secureconnector
Description A PoC for CVE-2025-4660, Forescout SecureConne...
Under the Hood of BlotchyQuasar: DLL-Based RAT Campaigns against Latin America
A sophisticated malspam campaign was recently uncovered targeting Latin American countries, with a particular focus on Brazil. This operation utilizes a highly deceptive phishing email to trick users into executing a malicious MSI file, initiating a multi-stage infection. The core of the attack...
Cyber Criminals Exploit Open-Source Tools to Compromise Financial Institutions Across Africa
Cybersecurity researchers are calling attention to a series of cyber attacks targeting financial organizations across Africa since at least July 2023 using a mix of open-source and publicly available tools to maintain access. Palo Alto Networks Unit 42 is tracking the activity under the moniker...
New Android Malware Surge Hits Devices via Overlays, Virtualization Fraud, and NFC Theft
Cybersecurity researchers have exposed the inner workings of an Android malware called AntiDot that has compromised over 3,775 devices as part of 273 unique campaigns. "Operated by the financially motivated threat actor LARVA-398, AntiDot is actively sold as a Malware-as-a-Service MaaS on...
MAL-2025-4776 Malicious code in @gluestack-ui/utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 17982e09dcf1a69caf714afad49b310371d80fe7260bf21fcad08da2a07df00c React Native ARIA and @gluestack-ui/utils had unauthorized new versions published that contained malicious code via a public access token...
MAL-2025-4782 Malicious code in @react-native-aria/interactions (npm)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 0ebff3f8886f25a3adc58387ba0a97c3768c3c88e8f4c09d8562b92b0fdbbd7f React Native ARIA and @gluestack-ui/utils had unauthorized new versions published that contained malicious code via a public access token...
Striking Back at Cobalt: Using Network Traffic Metadata to Detect Cobalt Strike Masquerading Command and Control Channels
Off-the-shelf software for Command and Control is often used by attackers and legitimate pentesters looking for discretion. Among other functionalities, these tools facilitate the customization of their network traffic so it can mimic popular websites, thereby increasing their secrecy. Cobalt...
Malicious Package
Overview readmecolorama is a malicious package. This package contains payloads with Windows and Linux variants that access and exfiltrate sensitive configuration information, establish remote control / remote access for the attacker, establish persistence and “command and control” C2 mechanisms...
Malicious Package
Overview coloraiz is a malicious package. This package contains payloads with Windows and Linux variants that access and exfiltrate sensitive configuration information, establish remote control / remote access for the attacker, establish persistence and “command and control” C2 mechanisms...
Malicious Package
Overview coloramapkgs is a malicious package. This package contains payloads with Windows and Linux variants that access and exfiltrate sensitive configuration information, establish remote control / remote access for the attacker, establish persistence and “command and control” C2 mechanisms...
Malicious Package
Overview coloramapkgsw is a malicious package. This package contains payloads with Windows and Linux variants that access and exfiltrate sensitive configuration information, establish remote control / remote access for the attacker, establish persistence and “command and control” C2 mechanisms...
Malicious Package
Overview coloramashowtemp is a malicious package. This package contains payloads with Windows and Linux variants that access and exfiltrate sensitive configuration information, establish remote control / remote access for the attacker, establish persistence and “command and control” C2 mechanisms...
Malicious Package
Overview coloramapkgsdow is a malicious package. This package contains payloads with Windows and Linux variants that access and exfiltrate sensitive configuration information, establish remote control / remote access for the attacker, establish persistence and “command and control” C2 mechanisms...
Chinese APT41 Exploits Google Calendar for Malware Command-and-Control Operations
Google on Wednesday disclosed that the Chinese state-sponsored threat actor known as APT41 leveraged a malware called TOUGHPROGRESS that uses Google Calendar for command-and-control C2. The tech giant, which discovered the activity in late October 2024, said the malware was hosted on a compromise...
New PumaBot Botnet Targets Linux IoT Devices to Steal SSH Credentials and Mine Crypto
Embedded Linux-based Internet of Things IoT devices have become the target of a new botnet dubbed PumaBot. Written in Go, the botnet is designed to conduct brute-force attacks against SSH instances to expand in size and scale and deliver additional malware to the infected hosts. "Rather than...
Lazarus Group Targets Crypto-Wallets and Financial Data While Employing New Tradecrafts
This report presents a comprehensive analysis of a malicious software sample, detailing its architecture, behavioral characteristics, and underlying intent. Through static and dynamic examination, the malware core functionalities, including persistence mechanisms, command-and-control communicatio...