CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-8398link is external Daemon Tools Lite Embedded Malicious Code Vulnerability CVE-2026-45321link is external TanStack Unspecified Vulnerability...

Daemon Tools Lite Embedded Malicious Code Vulnerability

Daemon Tools contains an unspecified vulnerability that has a high impact on confidentiality, integrity, and availability...

CVE-2026-8398

A supply chain attack compromised the official installation packages of DAEMON Tools Lite Windows versions 12.5.0.2421 through 12.5.0.2434, distributed from the legitimate website daemon-tools.cc between approximately April 8, 2026, and May 5, 2026. Attackers gained unauthorized access to the...

CVE-2026-8398

A supply chain attack compromised the official installation packages of DAEMON Tools Lite Windows versions 12.5.0.2421 through 12.5.0.2434, distributed from the legitimate website daemon-tools.cc between approximately April 8, 2026, and May 5, 2026. Attackers gained unauthorized access to the...

CVE-2026-8398

A supply chain attack compromised the official installation packages of DAEMON Tools Lite Windows versions 12.5.0.2421 through 12.5.0.2434, distributed from the legitimate website daemon-tools.cc between approximately April 8, 2026, and May 5, 2026. Attackers gained unauthorized access to the...

CVE-2026-8398

A supply chain attack compromised the official installation packages of DAEMON Tools Lite Windows versions 12.5.0.2421 through 12.5.0.2434, distributed from the legitimate website daemon-tools.cc between approximately April 8, 2026, and May 5, 2026. Attackers gained unauthorized access to the...

CVE-2026-8398

A supply chain attack compromised the official installation packages of DAEMON Tools Lite Windows versions 12.5.0.2421 through 12.5.0.2434, distributed from the legitimate website daemon-tools.cc between approximately April 8, 2026, and May 5, 2026. Attackers gained unauthorized access to the...

CVE-2026-8398

The CVE-2026-8398 entry concerns a supply-chain compromise of DAEMON Tools Lite Windows installers (versions 12.5.0.2421–12.5.0.2434) distributed via daemon-tools.cc. Attackers allegedly gained access to AVB Disc Soft’s build/distribution infrastructure and trojanized three binaries—DTHelper.exe,...

EUVD-2026-30514

A supply chain attack compromised the official installation packages of DAEMON Tools Lite Windows versions 12.5.0.2421 through 12.5.0.2434, distributed from the legitimate website daemon-tools.cc between approximately April 8, 2026, and May 5, 2026. Attackers gained unauthorized access to the...

Disc Soft DAEMON Tools Lite 安全漏洞

Disc Soft DAEMON Tools Lite is a software developed by Disc Soft that supports the mounting of disc images and the creation of virtual drives along with image file management. Versions 12.5.0.2421 to 12.5.0.2434 of Disc Soft DAEMON Tools Lite contain security vulnerabilities. These vulnerabilitie...

Google's Android Apps Get Public Verification to Stop Supply Chain Attacks

Google has announced expanded Binary Transparency for Android as a way to safeguard the ecosystem from supply chain attacks. "This new public ledger ensures the Google apps on your device are exactly what we intended to build and distribute," Google's product and security teams said. The initiati...

DAEMON Tools Supply Chain Attack Compromises Official Installers with Malware

A newly identified supply chain attack targeting DAEMON Tools software has compromised its installers to serve a malicious payload, according to findings from Kaspersky. "These installers are distributed from the legitimate website of DAEMON Tools and are signed with digital certificates belongin...

PT-2026-41279

Name of the Vulnerable Software and Affected Versions DAEMON Tools Lite versions 12.5.0.2421 through 12.5.0.2434 Description A supply chain attack compromised official installation packages distributed via the legitimate website daemon-tools.cc between April 8, 2026, and May 5, 2026. Attackers...

[SECURITY] Fedora 44 Update: udisks2-2.11.1-1.fc44

The Udisks project provides a daemon, tools and libraries to access and manipulate disks, storage devices and technologies...

EUVD-2010-5198

Malware in sbrugna...

EUVD-2011-3940

Malware in sbrugna...

CVE-2010-5239

Untrusted search path vulnerability in DAEMON Tools Lite 4.35.6.0091 and Pro Standard 4.36.0309.0160 allows local users to gain privileges via a Trojan horse mfc80loc.dll file in the current working directory, as demonstrated by a directory that contains a .mds file. NOTE: some of these details a...

CVE-2021-21832

CVE-2021-21832 affects Disc Soft Ltd Daemon Tools Pro 8.3.0.0767. Multiple connected sources describe a memory corruption vulnerability in the ISO Parsing functionality caused by an integer overflow during allocation when processing a crafted ISO file, leading to an out-of-bounds write. The TALOS...

Vulnerability Spotlight: Memory corruption vulnerability in Daemon Tools Pro

Piotr Bania of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered a memory corruption vulnerability in Disc Soft Ltd.'s Daemon Tools Pro. Daemon Tools Pro is a professional emulation software that works with disc images and virtual... This is only the...

PT-2021-14802 · Disc Soft · Daemon Tools Pro

Name of the Vulnerable Software and Affected Versions: Disc Soft Ltd Deamon Tools Pro version 8.3.0.0767 Description: A memory corruption issue exists in the ISO Parsing functionality. This can be triggered by a specially crafted malformed file, leading to an out-of-bounds write. An attacker can...