722 matches found
UK Exposes Bulletproof Hosting Operator Linked to LockBit and Evil Corp
The operator, Alexander Volosovik, also known as “Yalishanda”, “Downlow” and “Stasvl,” ran a long-running bulletproof hosting operation used by top ransomware groups...
CVE-2025-61661
A vulnerability has been identified in the GRUB Grand Unified Bootloader component. This flaw occurs because the bootloader mishandles string conversion when reading information from a USB device, allowing an attacker to exploit inconsistent length values. A local attacker can connect a malicious...
EUVD-2025-117407
Malicious code in evil-gold-yak npm...
EUVD-2025-79306
Malicious code in evilmanateez3n npm...
EUVD-2025-64233
Malicious code in evilbasiliskz3n npm...
EUVD-2025-54524
Malicious code in evil-teal-gamefowl npm...
EUVD-2025-54526
Malicious code in evil-orange-lynx npm...
EUVD-2025-54528
Malicious code in evil-coffee-whitefish npm...
EUVD-2025-54525
Malicious code in evil-tan-weasel npm...
EUVD-2025-54529
Malicious code in evil-coffee-dragonfly npm...
EUVD-2025-54527
Malicious code in evil-harlequin-coyote npm...
EUVD-2025-50264
Malicious code in evilvicunaz3n npm...
EUVD-2025-47818
Malicious code in evilbarracudaz3n npm...
SocGholish Malware Using Compromised Sites to Deliver Ransomware
New research on SocGholish FakeUpdates reveals how this MaaS platform is used by threat actors like Evil Corp and RansomHub to compromise websites, steal data, and launch high-impact attacks on healthcare and businesses worldwide...
EUVD-2018-18159
Malware in sbrugna...
EUVD-2020-23514
Malware in sbrugna...
EUVD-2024-48334
Malicious code in bioql PyPI...
Forensic journey: hunting evil within AmCache
Introduction When it comes to digital forensics, AmCache plays a vital role in identifying malicious activities in Windows systems. This artifact allows the identification of the execution of both benign and malicious software on a machine. It is managed by the operating system, and at the time o...
Exploit for CVE-2021-22006
It is an exploit module/toolkit targeting JNDI vulnerabilities. The primary CVE ID is CVE-2021-22006. The target product/service is Java-based applications, specifically those using JNDI services. The vulnerability class/vector is RCE Remote Code Execution, and the probable entry points are...
MAL-2025-19993 Malicious code in evil-npm-package-tonghuaroot (npm)
The package evil-npm-package-tonghuaroot was found to contain malicious code...