Lucene search
K

492 matches found

The Hacker News
The Hacker News
added 5 days ago16 views

New MODBEACON RAT Uses gRPC Streaming for Encrypted C2 Traffic

The China-linked cybercrime group known as Silver Fox has been attributed to a new Rust-based remote access trojan RAR called MODBEACON. Chinese cybersecurity company QiAnXin said that while the threat cluster may appear like a low-sophistication, high-activity operation that propagates malware v...

6.1AI score
Exploits0
Securelist
Securelist
added 2026/07/01 10:0 a.m.24 views

The SOC Files: ScreenConnect masked as freeware. An inside look at a large-scale campaign

UPD 03.07.2026: added a package of rules and recommendations that help detect the described malicious activity for companies using our Kaspersky SIEM system. Introduction To access compromised systems, threat actors frequently abuse legitimate remote monitoring tools. At first glance, these...

6.1AI score
Exploits0
The Hacker News
The Hacker News
added 2026/06/30 3:40 p.m.23 views

Silent Swap Crypto Clipper Uses Fake Google Notes Extension to Replace Wallet Addresses

Cybersecurity researchers have flagged an active browser extension campaign that is designed to steal cryptocurrency by stealthily replacing wallet addresses when unsuspecting users initiate a transaction. The cryptocurrency clipper activity has been codenamed Silent Swap by McAfee Labs. "The...

5.9AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.15 views

PT-2026-50524

Name of the Vulnerable Software and Affected Versions Devolutions UniGetUI versions prior to 2026.2.1 Description The pinget backend contains an issue where names or references are incorrectly resolved. This allows a WinGet community catalog contributor to correlate an installed application with ...

7.5CVSS5.8AI score0.00268EPSS
Exploits0References5
OSV
OSV
added 2026/06/16 5:16 p.m.6 views

DEBIAN-CVE-2026-12003

To allow builds of Python to be run from an in-tree layout rather than an installed file layout, the VPATH variable is defined at build time and used to locate certain landmarks - specifically, Modules/setup.local. When this landmark is found relative to VPATH relative to the executable, Python...

5.3CVSS5.3AI score0.00136EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.15 views

PT-2026-49724

Name of the Vulnerable Software and Affected Versions Python affected versions not specified Description On Windows, Python uses the VPATH variable to locate landmarks, such as 'Modules/setup.local', to determine if it is running in a source tree and adjust the default sys.path. In certain...

5.3CVSS5.2AI score0.00136EPSS
Exploits0References25
OSV
OSV
added 2026/06/15 8:42 p.m.9 views

MAL-2026-5838 Malicious code in tn-advertisement (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1b13ed4147b360eee88a36d9fe649dccbef37cf9019072841e697b88b6e4d3d2 On require, index.js performs an unconditional http.get to a unique subdomain of oastify.com Burp Suite Collaborator out-of-band testing...

5.9AI score
Exploits0References1
HackRead
HackRead
added 2026/06/14 5:46 p.m.13 views

Hackers Hide New Argamal Malware Inside Working Hentai Games

Kaspersky found Argamal malware hidden in hentai game installers, giving hackers remote access through working games shared on adult sites and torrents...

5.4AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 8:29 p.m.17 views

Malicious code in gethandler-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0b6925d4c07df297f8cb573df4d85a396794d8793179e7a97f2cfde3aadfcfbc On npm install, postinstall.js unconditionally sends an HTTPS GET to https://webhook.site/18dc4281-d366-438a-9186-76fbcd56ade5 carrying the installer...

6.1AI score
Exploits0References2
Microsoft Secure
Microsoft Secure
added 2026/06/08 4:0 p.m.38 views

AI brands as bait: How threat actors are using the AI hype in social engineering

In this article 1. ChatGPT-themed lure leads to phishing kit collecting credit card data 2. Claude-themed phishing campaign collected credentials and access tokens 3. "Awesome AI Windows Plugin” malvertising deploys Vidar stealer 4. Fake DeepSeek V4 installers on GitHub delivered Vidar Stealer 5...

5.6AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/05 7:29 p.m.10 views

CVE-2026-20772

Uncontrolled search path for some IntelR Connectivity Performance Suite software installers before version 50.25.1121.193 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may...

5.4CVSS5.3AI score0.00089EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:20 p.m.13 views

CVE-2026-32679

The installers of LiveOn Meet Client for Windows Downloader5Installer.exe and Downloader5InstallerForAdmin.exe and the installers of Canon Network Camera Plugin CanonNWCamPlugin.exe and CanonNWCamPluginForAdmin.exe insecurely load Dynamic Link Libraries DLLs. If a malicious DLL is placed at the...

8.4CVSS7.3AI score0.0016EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2026/05/29 5:57 a.m.20 views

Kimsuky Deploys HTTPSpy, Expands Arsenal with HelloDoor and VS Code Tunnels

The North Korean state-sponsored threat actor known as Kimsuky aka Velvet Chollima has been attributed to a fresh set of cyber attacks targeting South Korean military and corporate entities through March and April 2026. "Kimsuky employed a range of tailored social engineering tactics, such as...

6AI score
Exploits0
HackRead
HackRead
added 2026/05/27 6:8 p.m.15 views

Iran’s Nimbus Manticore Used Trojanized Zoom Installers Against US Firms

Iran’s Nimbus Manticore hackers used trojanized Zoom installers to deploy malware against US firms during a wider IRGC linked cyber campaign...

5.8AI score
Exploits0
HackRead
HackRead
added 2026/05/26 6:46 p.m.19 views

Trojanized Gemini and Claude Installers Target Developers Via SEO Poisoning

Cybercriminals are using SEO poisoning and fake Gemini and Claude installer sites to infect developers with fileless malware and steal data...

5.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/05/26 1:7 p.m.14 views

Fake software on GitHub and SourceForge distribute Deno RAT

During our threat hunting activities, we found fake installers and plugins impersonating popular software including ChatGPT, Claude, AutoTune, and Kontakt on GitHub and SourceForge distributing a Deno backdoor known as DinDoor. Attackers are using compromised YouTube channels to distribute links ...

6AI score
Exploits0
Cvelist
Cvelist
added 2026/05/25 5:28 a.m.42 views

CVE-2026-25193

Insertion of Sensitive Information into Log File CWE-532 in some Command Centre Service installers could lead to Service Account credentials exposure. Mitigating Factor: Only sites that install Command Centre Services with a custom Service Account not the default Network Service account are...

8.1CVSS0.00132EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/05/23 6:40 p.m.84 views

exploits

exploits CVE explai...

5.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/20 10:18 p.m.12 views

Malicious code in @cometix/claude-code (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d9c6fc5df21efcd2949e4c05b4a9a75dbe8142243a3967dc853be7069ecaca24 Package is published under the @cometix scope but its package.json sets author to 'Anthropic ' and ships a README copied verbatim from Anthropic's...

5.9AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/15 7:30 a.m.8 views

CVE-2026-8398

A supply chain attack compromised the official installation packages of DAEMON Tools Lite Windows versions 12.5.0.2421 through 12.5.0.2434, distributed from the legitimate website daemon-tools.cc between approximately April 8, 2026, and May 5, 2026. Attackers gained unauthorized access to the...

9.8CVSS5.8AI score0.01456EPSS
Exploits1References2
Rows per page
Query Builder