CVE-2026-32958

SD-330AC and AMC Manager provided by silex technology, Inc. use a hard-coded cryptographic key. An administrative user may be directed to apply a fake firmware update...

Lumma/Amadey: fake CAPTCHAs want to know if you’re human

Attackers are increasingly distributing malware through a rather unusual method: a fake CAPTCHA as the initial infection vector. Researchers from various companies reported this campaign in August and September. The attackers, primarily targeting gamers, initially delivered the Lumma stealer to...

MinIO Vulnerabilities Exposed as Hackers Breach Through Storage

Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary In a recent malware campaign, threat actors utilized a new IDAT Loader to distribute a range of malicious software, including InfoStealers and RATs, employing evasion methods. This loader is...

New IDAT Loader Unleashes Infostealers in Fake Browser Update Campaign

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary In a recent malware campaign, threat actors utilized a new IDAT Loader to distribute a range of malicious software, including InfoStealers and RATs, employing evasion methods. This loader is packaged...

Fake Chrome Browser Update Installs NetSupport Manager RAT

By Waqas Trellix Uncovers Deceptive Chrome Browser Update Campaign Leveraging NetSupport Manager RAT. This is a post from HackRead.com Read the original post: Fake Chrome Browser Update Installs NetSupport Manager RAT...

Beware of Fake Windows 11 Update Delivering Malware

By Deeba Ahmed According to researchers, the fake upgrade injects malware onto Windows-based devices and steals crypto wallets and browsing data.… This is a post from HackRead.com Read the original post: Beware of Fake Windows 11 Update Delivering Malware...

The vulnerability arises from insufficient checking of update files in the client update folder of the VipNet Client information protection software. This allows a perpetrator to execute arbitrary code.

The vulnerability of the VipNet Client information protection software lies in insufficient checks on access rights to the update folder, as well as insufficient checks on the integrity and authenticity of update files. Exploiting this vulnerability could allow an attacker, operating locally, to...

New Attack Against Electrum Bitcoin Wallets

This is clever: How the attack works: Attacker added tens of malicious servers to the Electrum wallet network. Users of legitimate Electrum wallets initiate a Bitcoin transaction. If the transaction reaches one of the malicious servers, these servers reply with an error message that urges users t...

Fake Chrome & Firefox browser update lead users to malware infection

By Waqas Another day, another malware scam - This one uses Chrome This is a post from HackRead.com Read the original post: Fake Chrome & Firefox browser update lead users to malware infection...

Fake Chrome & Firefox Font Update Drops RAT and Locky Ransomware

By Waqas Google Chrome with 2 billion active users is the most This is a post from HackRead.com Read the original post: Fake Chrome Firefox Font Update Drops RAT and Locky Ransomware...

The vulnerability arises from insufficient checking of update files in the update folder of the VipNet Coordinator software protection system. This allows a perpetrator to execute arbitrary code.

The vulnerability of the VipNet Coordinator information protection software lies in insufficient checks on access rights to the update folder, as well as insufficient checks on the integrity and authenticity of update files. Exploiting this vulnerability could allow an attacker, operating locally...

Blackhat topic: WSUS exploit the theory with the practice-vulnerability warning-the black bar safety net

Paul Stone and Alex Chapman in Blackhat2015 made a about Windows Server Update Service WSUS vulnerabilities. An attacker can use MiTMMan In The Middle, MITMattack to exploit the vulnerability, allowing users to download and install the fake update. It is well known that Microsoft through the...

[WebSploit Framework] Scan And Analysis Remote System From Vulnerability

WebSploit Is An Open Source Project For Scan And Analysis Remote System From Vulnerability. WebSploit Is An Open Source Project For : Social Engineering Works Scan,Crawler & Analysis Web Automatic Exploiter Support Network Attacks +Autopwn - Used From Metasploit For Scan and Exploit Target Servic...

[BeEF] Fake Browser Update Exploitation

How to use BeEF Framework for fake browser update exploitation. Fake Browser Update : - In BeEF Framework there is a new feature available in social-engineering called Clippy using this feature we are sending the fake Update notification and if user click on that so obviously he is going to insta...

Chrome Playing Hard to Get with Blackhole Exploit Kit

Google’s Chrome browser is something of a tough customer for the infamous and widely deployed Blackhole Exploit Kit, according to Blue Coat security researcher, Adnan Shukor. Shukor notes there has been an uptick in the kit’s use of plain HTML files, instead of iframes, to redirect users to explo...

TweetDeck Scam Uses Fake Update As Lure

Compromised Twitter accounts have been used to post links to an exploit portal that poses as a download site for an update to TweetDeck, the popular micro-blogging client software package. Read the full article. The Register...