204 matches found
CVE-2025-47407
Memory corruption while creating a process on the digital signal processor due to allocation failure at the kernel level...
Rosemary 1.0.3
Rosemary is a cross-platform transparent tunneling platform designed for network pivoting. Unlike traditional tools that rely on TUN/TAP interfaces or require per-application proxy configuration like proxychains, Rosemary intercepts traffic at the kernel level...
Rosemary 1.0.1
Rosemary is a cross-platform transparent tunneling platform designed for network pivoting. Unlike traditional tools that rely on TUN/TAP interfaces or require per-application proxy configuration like proxychains, Rosemary intercepts traffic at the kernel level...
Hiding in the Tunnels: Unmasking the New Stealthy BPFDoor Variants
This is Rapid7's whitepaper discussing BPFDoor variants. Advanced persistent threats (APTs) are locked in a continuous arms race with network defenders. As static indicators of compromise (IoCs) for the notorious BPFDoor malware became widely deployed by security vendors, the threat actors went back ...
SPARK: Secure Predictive Autoscaling for Robust Kubernetes
Achieving high availability and robust security in Kubernetes requires more than reactive scaling and standard perimeter firewalls. Traditional autoscalers, such as HPA, often fail to react quickly to traffic spikes and cannot distinguish between legitimate flash crowds and DDoS attacks. We prese...
Exploit for CVE-2023-52271
Disclaimer: This repository contains code that is provided stric...
CVE-2025-36922
In bigo_map of bigo_iommu.c, there is a possible information disclosure due to a use after free. This could lead to local escalation of privilege in the OS Kernel level with System execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-30185
Summary: CVE-2025-30185 is an Intel UEFI reference-platform issue where active debugging code in Ring 0 could allow denial of service and privilege escalation. A system software adversary with privileged access and low attack complexity, via local access and without user interaction, could alter...
EUVD-2016-9914
Malware in sbrugna...
How ToddyCat tried to hide behind AV software
To hide their activity in infected systems, APT groups resort to various techniques to bypass defenses. Most of these techniques are well known and detectable by both EPP solutions and EDR threat-monitoring and response tools. For example, to hide their activity in Windows systems, cybercriminals...
Advanced threat predictions for 2025
We at Kaspersky's Global Research and Analysis Team monitor over 900 APT (advanced persistent threat) groups and operations. At the end of each year, we take a step back to assess the most complex and sophisticated attacks that have shaped the threat landscape. These insights enable us to anticipat...
Researchers Uncover Malware Using BYOVD to Bypass Antivirus Protections
Cybersecurity researchers have uncovered a new malicious campaign that leverages a technique called Bring Your Own Vulnerable Driver (BYOVD) to disarm security protections and ultimately gain access to the infected system. "This malware takes a more sinister route: it drops a legitimate Avast...
When Guardians Become Predators: How Malware Corrupts the Protectors
When Guardians Become Predators: How Malware Corrupts the Protectors. By Trellix · November 20, 2024. This blog was also written by Trishaan Kalra. Introduction: We often trust our security software to stand as an unbreakable wall against malware and attacks, but what happens when that very wall is...
hw: amd: SMM Lock Bypass
A flaw was found in hw. Improper validation in a model-specific register (MSR) could allow a malicious program with ring0 access to modify the SMM configuration while the SMI lock is enabled. This issue can lead to arbitrary code execution...
CVE-2024-33027 Improper Access Control in Graphics Linux
Memory corruption can occur when an arbitrary user-space app gains kernel-level privilege to modify DDR memory by corrupting the GPU page table...
Exploring malicious Windows drivers (Part 2): the I/O system, IRPs, stack locations, IOCTLs and more
This blog post is part of a multi-part series, and it is highly recommended to read the first entry here before continuing. As the second entry in our "Exploring malicious Windows drivers" series, we will continue where the first left off: Discussing the I/O system and IRPs. We will expand on the...
CVE-2023-48426 Chromecast Bootloader & Kernel-level code-execution including compromise of user-data
u-boot bug that allows for u-boot shell and interrupt over UART...
CVE-2024-0788
SUPERAntiSpyware Pro X v10.0.1260 is vulnerable to kernel-level API parameters manipulation and Denial of Service vulnerabilities by triggering the 0x9C402140 IOCTL code of the saskutil64.sys driver...
Code injection
SUPERAntiSpyware Pro X v10.0.1260 is vulnerable to kernel-level API parameters manipulation and Denial of Service vulnerabilities by triggering the 0x9C402140 IOCTL code of the saskutil64.sys driver...